mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
431086a854
commit
6e2c9083f9
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0677",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-0677",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "5050",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5050"
|
||||
},
|
||||
{
|
||||
"name" : "27594",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/27594"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "5050",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5050"
|
||||
},
|
||||
{
|
||||
"name": "27594",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/27594"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0830",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-0830",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "5151",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5151"
|
||||
},
|
||||
{
|
||||
"name" : "27867",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/27867"
|
||||
},
|
||||
{
|
||||
"name" : "1019488",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1019488"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1019488",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1019488"
|
||||
},
|
||||
{
|
||||
"name": "5151",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5151"
|
||||
},
|
||||
{
|
||||
"name": "27867",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/27867"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-3027",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-3027",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "5985",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5985"
|
||||
},
|
||||
{
|
||||
"name" : "30033",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/30033"
|
||||
},
|
||||
{
|
||||
"name" : "vangoghwebcms-articleid-sql-injection(43534)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43534"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "5985",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5985"
|
||||
},
|
||||
{
|
||||
"name": "30033",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/30033"
|
||||
},
|
||||
{
|
||||
"name": "vangoghwebcms-articleid-sql-injection(43534)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43534"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-3044",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-3044",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/"
|
||||
},
|
||||
{
|
||||
"name" : "30056",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/30056"
|
||||
},
|
||||
{
|
||||
"name" : "30885",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30885"
|
||||
},
|
||||
{
|
||||
"name" : "newscalendar-sql-injection(43485)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43485"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/"
|
||||
},
|
||||
{
|
||||
"name": "30056",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/30056"
|
||||
},
|
||||
{
|
||||
"name": "30885",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30885"
|
||||
},
|
||||
{
|
||||
"name": "newscalendar-sql-injection(43485)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43485"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-3098",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-3098",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080922 Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/496589/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://cms.fuzzylime.co.uk/st/content/download/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://cms.fuzzylime.co.uk/st/content/download/"
|
||||
},
|
||||
{
|
||||
"name" : "31306",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31306"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-2650",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/2650"
|
||||
},
|
||||
{
|
||||
"name" : "31980",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31980"
|
||||
},
|
||||
{
|
||||
"name" : "4303",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/4303"
|
||||
},
|
||||
{
|
||||
"name" : "fuzzylimecms-usercheck-xss(45342)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45342"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "fuzzylimecms-usercheck-xss(45342)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45342"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2650",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2650"
|
||||
},
|
||||
{
|
||||
"name": "20080922 Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/496589/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "4303",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/4303"
|
||||
},
|
||||
{
|
||||
"name": "31980",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31980"
|
||||
},
|
||||
{
|
||||
"name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3098-fuzzylime-cms.html"
|
||||
},
|
||||
{
|
||||
"name": "31306",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31306"
|
||||
},
|
||||
{
|
||||
"name": "http://cms.fuzzylime.co.uk/st/content/download/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://cms.fuzzylime.co.uk/st/content/download/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4051",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-4051",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.securityfocus.com/bid/30841/exploit",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.securityfocus.com/bid/30841/exploit"
|
||||
},
|
||||
{
|
||||
"name" : "30841",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/30841"
|
||||
},
|
||||
{
|
||||
"name" : "31637",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31637"
|
||||
},
|
||||
{
|
||||
"name" : "smartsurvey-surveyresults-xss(44702)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44702"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "smartsurvey-surveyresults-xss(44702)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44702"
|
||||
},
|
||||
{
|
||||
"name": "30841",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/30841"
|
||||
},
|
||||
{
|
||||
"name": "31637",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31637"
|
||||
},
|
||||
{
|
||||
"name": "http://www.securityfocus.com/bid/30841/exploit",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.securityfocus.com/bid/30841/exploit"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,112 +1,112 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4255",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an \"allocation error\" and memory corruption, aka \"Windows Common AVI Parsing Overflow Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2008-4255",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20081209 ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/499061/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-083/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-083/"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-083",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-083"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
|
||||
},
|
||||
{
|
||||
"name" : "MS08-070",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
|
||||
},
|
||||
{
|
||||
"name" : "TA08-344A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
|
||||
},
|
||||
{
|
||||
"name" : "32613",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/32613"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:6032",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6032"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-3382",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/3382"
|
||||
},
|
||||
{
|
||||
"name" : "1021369",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1021369"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an \"allocation error\" and memory corruption, aka \"Windows Common AVI Parsing Overflow Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "32613",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/32613"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-3382",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/3382"
|
||||
},
|
||||
{
|
||||
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-083/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-083/"
|
||||
},
|
||||
{
|
||||
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-083",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-083"
|
||||
},
|
||||
{
|
||||
"name": "1021369",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1021369"
|
||||
},
|
||||
{
|
||||
"name": "MS08-070",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:6032",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6032"
|
||||
},
|
||||
{
|
||||
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
|
||||
},
|
||||
{
|
||||
"name": "TA08-344A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
|
||||
},
|
||||
{
|
||||
"name": "20081209 ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/499061/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl",
|
||||
"refsource": "MISC",
|
||||
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/32613.pl"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4268",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka \"Windows Saved Search Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2008-4268",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS08-075",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-075"
|
||||
},
|
||||
{
|
||||
"name" : "TA08-344A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:5853",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5853"
|
||||
},
|
||||
{
|
||||
"name" : "33053",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/33053"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-3387",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/3387"
|
||||
},
|
||||
{
|
||||
"name" : "1021366",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1021366"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka \"Windows Saved Search Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MS08-075",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-075"
|
||||
},
|
||||
{
|
||||
"name": "1021366",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1021366"
|
||||
},
|
||||
{
|
||||
"name": "33053",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/33053"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:5853",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5853"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-3387",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/3387"
|
||||
},
|
||||
{
|
||||
"name": "TA08-344A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4338",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with \"access brilliant_gallery\" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-4338",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080924 Drupal Brilliant Gallery module SQL injection vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/496726/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080924 Drupal Brilliant Gallery module SQL injection vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064662.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://drupal.org/node/313054",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://drupal.org/node/313054"
|
||||
},
|
||||
{
|
||||
"name" : "31387",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31387"
|
||||
},
|
||||
{
|
||||
"name" : "32015",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/32015"
|
||||
},
|
||||
{
|
||||
"name" : "4338",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/4338"
|
||||
},
|
||||
{
|
||||
"name" : "brilliantgallery-bgchecklist-sql-injection(45411)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45411"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with \"access brilliant_gallery\" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "32015",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32015"
|
||||
},
|
||||
{
|
||||
"name": "brilliantgallery-bgchecklist-sql-injection(45411)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45411"
|
||||
},
|
||||
{
|
||||
"name": "31387",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31387"
|
||||
},
|
||||
{
|
||||
"name": "http://drupal.org/node/313054",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://drupal.org/node/313054"
|
||||
},
|
||||
{
|
||||
"name": "4338",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/4338"
|
||||
},
|
||||
{
|
||||
"name": "20080924 Drupal Brilliant Gallery module SQL injection vulnerability",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064662.html"
|
||||
},
|
||||
{
|
||||
"name": "20080924 Drupal Brilliant Gallery module SQL injection vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/496726/100/0/threaded"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4662",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-4662",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "6744",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/6744"
|
||||
},
|
||||
{
|
||||
"name" : "31743",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31743"
|
||||
},
|
||||
{
|
||||
"name" : "30472",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30472"
|
||||
},
|
||||
{
|
||||
"name" : "4463",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/4463"
|
||||
},
|
||||
{
|
||||
"name" : "lokicms-admin-file-include(45843)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45843"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "4463",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/4463"
|
||||
},
|
||||
{
|
||||
"name": "31743",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31743"
|
||||
},
|
||||
{
|
||||
"name": "30472",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30472"
|
||||
},
|
||||
{
|
||||
"name": "lokicms-admin-file-include(45843)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45843"
|
||||
},
|
||||
{
|
||||
"name": "6744",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/6744"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-6158",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-6158",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://forum.w3bcms.de/viewtopic.php?f=5&t=235",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://forum.w3bcms.de/viewtopic.php?f=5&t=235"
|
||||
},
|
||||
{
|
||||
"name" : "52023",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/52023"
|
||||
},
|
||||
{
|
||||
"name" : "w3bcms-backend-unspecified(48823)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48823"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "52023",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/52023"
|
||||
},
|
||||
{
|
||||
"name": "http://forum.w3bcms.de/viewtopic.php?f=5&t=235",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://forum.w3bcms.de/viewtopic.php?f=5&t=235"
|
||||
},
|
||||
{
|
||||
"name": "w3bcms-backend-unspecified(48823)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48823"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-6427",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-6427",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080601 [ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/492917/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "5698",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5698"
|
||||
},
|
||||
{
|
||||
"name" : "5928",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5928"
|
||||
},
|
||||
{
|
||||
"name" : "http://e-rdc.org/v1/news.php?readmore=91",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://e-rdc.org/v1/news.php?readmore=91"
|
||||
},
|
||||
{
|
||||
"name" : "45916",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/45916"
|
||||
},
|
||||
{
|
||||
"name" : "30465",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30465"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-1923",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/1923/references"
|
||||
},
|
||||
{
|
||||
"name" : "hivemaker-index-sql-injection(42751)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42751"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "5698",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5698"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-1923",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/1923/references"
|
||||
},
|
||||
{
|
||||
"name": "hivemaker-index-sql-injection(42751)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42751"
|
||||
},
|
||||
{
|
||||
"name": "5928",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5928"
|
||||
},
|
||||
{
|
||||
"name": "20080601 [ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/492917/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "http://e-rdc.org/v1/news.php?readmore=91",
|
||||
"refsource": "MISC",
|
||||
"url": "http://e-rdc.org/v1/news.php?readmore=91"
|
||||
},
|
||||
{
|
||||
"name": "30465",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30465"
|
||||
},
|
||||
{
|
||||
"name": "45916",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/45916"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-7015",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-7015",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080911 Server termination in the Unreal engine 3",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080911 Server termination in the Unreal engine 3",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
|
||||
},
|
||||
{
|
||||
"name" : "31140",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31140"
|
||||
},
|
||||
{
|
||||
"name" : "48292",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/48292"
|
||||
},
|
||||
{
|
||||
"name" : "unrealengine-memory-dos(45095)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20080911 Server termination in the Unreal engine 3",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/496280/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "48292",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/48292"
|
||||
},
|
||||
{
|
||||
"name": "unrealengine-memory-dos(45095)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45095"
|
||||
},
|
||||
{
|
||||
"name": "31140",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31140"
|
||||
},
|
||||
{
|
||||
"name": "20080911 Server termination in the Unreal engine 3",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0189.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-7100",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a \"unique id\" for user actions and improper validation of a \"user identity.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-7100",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx"
|
||||
},
|
||||
{
|
||||
"name" : "31145",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31145"
|
||||
},
|
||||
{
|
||||
"name" : "48343",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/48343"
|
||||
},
|
||||
{
|
||||
"name" : "31893",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31893"
|
||||
},
|
||||
{
|
||||
"name" : "dotnetnuke-identity-auth-bypass(45081)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45081"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a \"unique id\" for user actions and improper validation of a \"user identity.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "48343",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/48343"
|
||||
},
|
||||
{
|
||||
"name": "http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx"
|
||||
},
|
||||
{
|
||||
"name": "dotnetnuke-identity-auth-bypass(45081)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45081"
|
||||
},
|
||||
{
|
||||
"name": "31893",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31893"
|
||||
},
|
||||
{
|
||||
"name": "31145",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31145"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-7115",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-7115",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "6305",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/6305"
|
||||
},
|
||||
{
|
||||
"name" : "1020747",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1020747"
|
||||
},
|
||||
{
|
||||
"name" : "31665",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31665"
|
||||
},
|
||||
{
|
||||
"name" : "belkin-router-interface-security-bypass(44874)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44874"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "6305",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/6305"
|
||||
},
|
||||
{
|
||||
"name": "31665",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31665"
|
||||
},
|
||||
{
|
||||
"name": "belkin-router-interface-security-bypass(44874)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44874"
|
||||
},
|
||||
{
|
||||
"name": "1020747",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1020747"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-2050",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-2050",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=959062",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=959062"
|
||||
},
|
||||
{
|
||||
"name" : "64524",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/64524"
|
||||
},
|
||||
{
|
||||
"name" : "56181",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/56181"
|
||||
},
|
||||
{
|
||||
"name" : "cloudforms-cve20132050-sql-injection(89984)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89984"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt"
|
||||
},
|
||||
{
|
||||
"name": "56181",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/56181"
|
||||
},
|
||||
{
|
||||
"name": "64524",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/64524"
|
||||
},
|
||||
{
|
||||
"name": "cloudforms-cve20132050-sql-injection(89984)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89984"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=959062",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=959062"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-2698",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
|
||||
"ID": "CVE-2013-2698",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://wordpress.org/plugins/calendar/changelog/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://wordpress.org/plugins/calendar/changelog/"
|
||||
},
|
||||
{
|
||||
"name" : "59661",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/59661"
|
||||
},
|
||||
{
|
||||
"name" : "52841",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/52841"
|
||||
},
|
||||
{
|
||||
"name" : "wp-calendar-cve20132698-csrf(84032)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84032"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://wordpress.org/plugins/calendar/changelog/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://wordpress.org/plugins/calendar/changelog/"
|
||||
},
|
||||
{
|
||||
"name": "wp-calendar-cve20132698-csrf(84032)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84032"
|
||||
},
|
||||
{
|
||||
"name": "59661",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/59661"
|
||||
},
|
||||
{
|
||||
"name": "52841",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/52841"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-2845",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@google.com",
|
||||
"ID": "CVE-2013-2845",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://code.google.com/p/chromium/issues/detail?id=179522",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://code.google.com/p/chromium/issues/detail?id=179522"
|
||||
},
|
||||
{
|
||||
"name" : "https://code.google.com/p/chromium/issues/detail?id=188092",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://code.google.com/p/chromium/issues/detail?id=188092"
|
||||
},
|
||||
{
|
||||
"name" : "https://code.google.com/p/chromium/issues/detail?id=222136",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://code.google.com/p/chromium/issues/detail?id=222136"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2695",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2013/dsa-2695"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:16354",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16354"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:16354",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16354"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/chromium/issues/detail?id=188092",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://code.google.com/p/chromium/issues/detail?id=188092"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2695",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2013/dsa-2695"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/chromium/issues/detail?id=222136",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://code.google.com/p/chromium/issues/detail?id=222136"
|
||||
},
|
||||
{
|
||||
"name": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/chromium/issues/detail?id=179522",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://code.google.com/p/chromium/issues/detail?id=179522"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6006",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2013-6006",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.cybozu.com/ja-jp/article/7893",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.cybozu.com/ja-jp/article/7893"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#81706478",
|
||||
"refsource" : "JVN",
|
||||
"url" : "http://jvn.jp/en/jp/JVN81706478/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "JVNDB-2013-000125",
|
||||
"refsource" : "JVNDB",
|
||||
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.cybozu.com/ja-jp/article/7893",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.cybozu.com/ja-jp/article/7893"
|
||||
},
|
||||
{
|
||||
"name": "JVNDB-2013-000125",
|
||||
"refsource": "JVNDB",
|
||||
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
|
||||
},
|
||||
{
|
||||
"name": "JVN#81706478",
|
||||
"refsource": "JVN",
|
||||
"url": "http://jvn.jp/en/jp/JVN81706478/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6407",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-6407",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20131128 Re: CVE Request: Apache Solr XXE",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2013/11/29/2"
|
||||
},
|
||||
{
|
||||
"name" : "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup"
|
||||
},
|
||||
{
|
||||
"name" : "https://issues.apache.org/jira/browse/SOLR-3895",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://issues.apache.org/jira/browse/SOLR-3895"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2013:1844",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2014:0029",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
|
||||
},
|
||||
{
|
||||
"name" : "55542",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/55542"
|
||||
},
|
||||
{
|
||||
"name" : "59372",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/59372"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2014:0029",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
|
||||
},
|
||||
{
|
||||
"name": "55542",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/55542"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.apache.org/jira/browse/SOLR-3895",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.apache.org/jira/browse/SOLR-3895"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20131128 Re: CVE Request: Apache Solr XXE",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/2"
|
||||
},
|
||||
{
|
||||
"name": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:1844",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
|
||||
},
|
||||
{
|
||||
"name": "59372",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/59372"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6526",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2013-6526",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6695",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2013-6695",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20131202 Cisco Secure ACS Unprivileged Support Bundle Download Vulnerability",
|
||||
"refsource" : "CISCO",
|
||||
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6695"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20131202 Cisco Secure ACS Unprivileged Support Bundle Download Vulnerability",
|
||||
"refsource": "CISCO",
|
||||
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6695"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6940",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-6940",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://support.citrix.com/article/CTX139049",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.citrix.com/article/CTX139049"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://support.citrix.com/article/CTX139049",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.citrix.com/article/CTX139049"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-7129",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-7129",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/124240",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/124240"
|
||||
},
|
||||
{
|
||||
"name" : "64046",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/64046"
|
||||
},
|
||||
{
|
||||
"name" : "blooog-jplayer-xss(89356)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89356"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "blooog-jplayer-xss(89356)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89356"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/124240",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/124240"
|
||||
},
|
||||
{
|
||||
"name": "64046",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/64046"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-7400",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-7400",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20140911 Re: TYPO3 extensions",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2014/09/11/4"
|
||||
},
|
||||
{
|
||||
"name" : "https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/"
|
||||
},
|
||||
{
|
||||
"name" : "https://extensions.typo3.org/extension/direct_mail/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://extensions.typo3.org/extension/direct_mail/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/",
|
||||
"refsource": "MISC",
|
||||
"url": "https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/"
|
||||
},
|
||||
{
|
||||
"name": "https://extensions.typo3.org/extension/direct_mail/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://extensions.typo3.org/extension/direct_mail/"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20140911 Re: TYPO3 extensions",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2014/09/11/4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "secalert_us@oracle.com",
|
||||
"ID" : "CVE-2017-10337",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Hospitality Suite8",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_affected" : "=",
|
||||
"version_value" : "8.10.1"
|
||||
},
|
||||
{
|
||||
"version_affected" : "=",
|
||||
"version_value" : "8.10.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Oracle Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8."
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2017-10337",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Hospitality Suite8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.10.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "8.10.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Oracle Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
|
||||
},
|
||||
{
|
||||
"name" : "101326",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/101326"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Suite8."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
|
||||
},
|
||||
{
|
||||
"name": "101326",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/101326"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,73 +1,73 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "secalert_us@oracle.com",
|
||||
"ID" : "CVE-2017-10358",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Hyperion Financial Reporting",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_affected" : "=",
|
||||
"version_value" : "11.1.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Oracle Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Financial Reporting accessible data as well as unauthorized read access to a subset of Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Financial Reporting accessible data as well as unauthorized read access to a subset of Oracle Hyperion Financial Reporting accessible data."
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2017-10358",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Hyperion Financial Reporting",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "11.1.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Oracle Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
|
||||
},
|
||||
{
|
||||
"name" : "101306",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/101306"
|
||||
},
|
||||
{
|
||||
"name" : "1039595",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1039595"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Workspace). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Financial Reporting accessible data as well as unauthorized read access to a subset of Oracle Hyperion Financial Reporting accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Financial Reporting accessible data as well as unauthorized read access to a subset of Oracle Hyperion Financial Reporting accessible data."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1039595",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1039595"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
|
||||
},
|
||||
{
|
||||
"name": "101306",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/101306"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-10510",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-10510",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-10596",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-10596",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,127 +1,127 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "sirt@juniper.net",
|
||||
"DATE_PUBLIC" : "2017-10-11T09:00",
|
||||
"ID" : "CVE-2017-10613",
|
||||
"STATE" : "PUBLIC",
|
||||
"TITLE" : "Junos OS: A kernel hang may occur due to a specific loopback filter action command"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Junos OS",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "12.1X46 prior to 12.1X46-D55"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "12.3X48 prior to 12.3X48-D35"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "14.1 prior to 14.1R8-S4, 14.1R9"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "14.1X53 prior to 14.1X53-D40"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "15.1X49 prior to 15.1X49-D60"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "15.1X53 prior to 15.1X53-D47"
|
||||
},
|
||||
{
|
||||
"platform" : "",
|
||||
"version_value" : "16.1 prior to 16.1R2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Juniper Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration" : [],
|
||||
"credit" : [],
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network.",
|
||||
"impact" : {
|
||||
"cvss" : {
|
||||
"attackComplexity" : "LOW",
|
||||
"attackVector" : "LOCAL",
|
||||
"availabilityImpact" : "HIGH",
|
||||
"baseScore" : 5.5,
|
||||
"baseSeverity" : "MEDIUM",
|
||||
"confidentialityImpact" : "NONE",
|
||||
"integrityImpact" : "NONE",
|
||||
"privilegesRequired" : "LOW",
|
||||
"scope" : "UNCHANGED",
|
||||
"userInteraction" : "NONE",
|
||||
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version" : "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "kernel hang"
|
||||
},
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "resource consumption"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "sirt@juniper.net",
|
||||
"DATE_PUBLIC": "2017-10-11T09:00",
|
||||
"ID": "CVE-2017-10613",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Junos OS: A kernel hang may occur due to a specific loopback filter action command"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Junos OS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "12.1X46 prior to 12.1X46-D55"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "12.3X48 prior to 12.3X48-D35"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "14.1 prior to 14.1R8-S4, 14.1R9"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "14.1X53 prior to 14.1X53-D40"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "15.1X49 prior to 15.1X49-D60"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "15.1X53 prior to 15.1X53-D47"
|
||||
},
|
||||
{
|
||||
"platform": "",
|
||||
"version_value": "16.1 prior to 16.1R2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Juniper Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://kb.juniper.net/JSA10816",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://kb.juniper.net/JSA10816"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D55, 12.3X48-D35, 14.1R8-S4, 14.1R9*, 14.1X53-D40*, 14.2R4-S9, 14.2R7-S8, 14.2R8*, 15.1F5-S3, 15.1F6, 15.1R4, 15.1X49-D60, 15.1X53-D47, 16.1R2, 16.2R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1167423 and is visible on the Customer Support website.\n\n*Fix Pending Publication",
|
||||
"work_around" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Discontinue the use of allowing remote sessions to be issued from the local device to reach loopback address(es).\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"configuration": [],
|
||||
"credit": [],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network.",
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "kernel hang"
|
||||
},
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "resource consumption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.juniper.net/JSA10816",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.juniper.net/JSA10816"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": "The following software releases have been updated to resolve this specific issue: 12.1X46-D55, 12.3X48-D35, 14.1R8-S4, 14.1R9*, 14.1X53-D40*, 14.2R4-S9, 14.2R7-S8, 14.2R8*, 15.1F5-S3, 15.1F6, 15.1R4, 15.1X49-D60, 15.1X53-D47, 16.1R2, 16.2R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1167423 and is visible on the Customer Support website.\n\n*Fix Pending Publication",
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Discontinue the use of allowing remote sessions to be issued from the local device to reach loopback address(es).\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts."
|
||||
}
|
||||
]
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security_alert@emc.com",
|
||||
"ID" : "CVE-2017-14379",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "RSA Authentication Manager software version 8.2 SP1 P5 and earlier",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "RSA Authentication Manager software version 8.2 SP1 P5 and earlier"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Stored Cross-Site Scripting Vulnerability"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security_alert@emc.com",
|
||||
"ID": "CVE-2017-14379",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RSA Authentication Manager software version 8.2 SP1 P5 and earlier",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "RSA Authentication Manager software version 8.2 SP1 P5 and earlier"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://seclists.org/fulldisclosure/2017/Nov/34",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://seclists.org/fulldisclosure/2017/Nov/34"
|
||||
},
|
||||
{
|
||||
"name" : "101925",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/101925"
|
||||
},
|
||||
{
|
||||
"name" : "1039853",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1039853"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Stored Cross-Site Scripting Vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1039853",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1039853"
|
||||
},
|
||||
{
|
||||
"name": "101925",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/101925"
|
||||
},
|
||||
{
|
||||
"name": "http://seclists.org/fulldisclosure/2017/Nov/34",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://seclists.org/fulldisclosure/2017/Nov/34"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-14403",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-14403",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.sstrunk.com/cve/eonweb_module_admin_group_search.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.sstrunk.com/cve/eonweb_module_admin_group_search.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.sstrunk.com/cve/eonweb_module_admin_group_search.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.sstrunk.com/cve/eonweb_module_admin_group_search.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-14636",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-14636",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/pts/sam2p/issues/14",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/pts/sam2p/issues/14"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/pts/sam2p/issues/14",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/pts/sam2p/issues/14"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-14795",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-14795",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/leonzhao7/vulnerability/blob/master/An%20Out-of-Bounds%20Read%20%28DoS%29%20Vulnerability%20in%20hevc.c%20of%20libbpg.md",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/leonzhao7/vulnerability/blob/master/An%20Out-of-Bounds%20Read%20%28DoS%29%20Vulnerability%20in%20hevc.c%20of%20libbpg.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/leonzhao7/vulnerability/blob/master/An%20Out-of-Bounds%20Read%20%28DoS%29%20Vulnerability%20in%20hevc.c%20of%20libbpg.md",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/leonzhao7/vulnerability/blob/master/An%20Out-of-Bounds%20Read%20%28DoS%29%20Vulnerability%20in%20hevc.c%20of%20libbpg.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-14855",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-14855",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://misteralfa-hack.blogspot.cl/2017/12/red-lion-guru-mode-cve-2017-14855.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://misteralfa-hack.blogspot.cl/2017/12/red-lion-guru-mode-cve-2017-14855.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://misteralfa-hack.blogspot.cl/2017/12/red-lion-guru-mode-cve-2017-14855.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://misteralfa-hack.blogspot.cl/2017/12/red-lion-guru-mode-cve-2017-14855.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-15153",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-15153",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-15250",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-15250",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15250",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15250"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15250",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15250"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@google.com",
|
||||
"ID" : "CVE-2017-15413",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Google Chrome prior to 63.0.3239.84 unknown",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Google Chrome prior to 63.0.3239.84 unknown"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Type confusion"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@google.com",
|
||||
"ID": "CVE-2017-15413",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Google Chrome prior to 63.0.3239.84 unknown",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Google Chrome prior to 63.0.3239.84 unknown"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://crbug.com/766666",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://crbug.com/766666"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-4064",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "https://www.debian.org/security/2017/dsa-4064"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201801-03",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201801-03"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2017:3401",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:3401"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Type confusion"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2017:3401",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2017:3401"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201801-03",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201801-03"
|
||||
},
|
||||
{
|
||||
"name": "https://crbug.com/766666",
|
||||
"refsource": "MISC",
|
||||
"url": "https://crbug.com/766666"
|
||||
},
|
||||
{
|
||||
"name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-4064",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "https://www.debian.org/security/2017/dsa-4064"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-15432",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2017-15432",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9527",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9527",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/mruby/mruby/issues/3486",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/mruby/mruby/issues/3486"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/mruby/mruby/issues/3486",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/mruby/mruby/issues/3486"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9837",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2017-9837",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9893",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9893",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9904",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9904",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,183 +1,183 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "sirt@juniper.net",
|
||||
"DATE_PUBLIC" : "2018-04-11T16:00:00.000Z",
|
||||
"ID" : "CVE-2018-0019",
|
||||
"STATE" : "PUBLIC",
|
||||
"TITLE" : "Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d)."
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Junos OS",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "12.1X46",
|
||||
"version_value" : "12.1X46-D76"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "12.3",
|
||||
"version_value" : "12.3R12-S7, 12.3R13"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "12.3X48",
|
||||
"version_value" : "12.3X48-D65"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "14.1",
|
||||
"version_value" : "14.1R9"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "14.1X53",
|
||||
"version_value" : "14.1X53-D130"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "15.1",
|
||||
"version_value" : "15.1F2-S20, 15.1F6-S10, 15.1R7"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "15.1X49",
|
||||
"version_value" : "15.1X49-D130"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "15.1X53",
|
||||
"version_value" : "15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "16.1",
|
||||
"version_value" : "16.1R5-S3, 16.1R7"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "16.1X65",
|
||||
"version_value" : "16.1X65-D47"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "16.1X70",
|
||||
"version_value" : "16.1X70-D10"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "16.2",
|
||||
"version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3"
|
||||
},
|
||||
{
|
||||
"affected" : "<",
|
||||
"version_name" : "17.1",
|
||||
"version_value" : "17.1R2-S6, 17.1R3"
|
||||
},
|
||||
{
|
||||
"affected" : "!>=",
|
||||
"version_name" : "17.2",
|
||||
"version_value" : "17.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Juniper Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "This issue only affects systems with SNMP mib2d enabled. SNMP is disabled by default on devices running Junos OS. "
|
||||
}
|
||||
],
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities. SNMP is disabled by default on devices running Junos OS. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S7, 12.3R13; 12.3X48 versions prior to 12.3X48-D65; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D130; 15.1 versions prior to 15.1F2-S20, 15.1F6-S10, 15.1R7; 15.1X49 versions prior to 15.1X49-D130; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66; 16.1 versions prior to 16.1R5-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D47; 16.1X70 versions prior to 16.1X70-D10; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3;"
|
||||
}
|
||||
]
|
||||
},
|
||||
"exploit" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
||||
}
|
||||
],
|
||||
"impact" : {
|
||||
"cvss" : {
|
||||
"attackComplexity" : "LOW",
|
||||
"attackVector" : "NETWORK",
|
||||
"availabilityImpact" : "LOW",
|
||||
"baseScore" : 5.3,
|
||||
"baseSeverity" : "MEDIUM",
|
||||
"confidentialityImpact" : "NONE",
|
||||
"integrityImpact" : "NONE",
|
||||
"privilegesRequired" : "NONE",
|
||||
"scope" : "UNCHANGED",
|
||||
"userInteraction" : "NONE",
|
||||
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version" : "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "denial of service"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "sirt@juniper.net",
|
||||
"DATE_PUBLIC": "2018-04-11T16:00:00.000Z",
|
||||
"ID": "CVE-2018-0019",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Junos: Denial of service vulnerability in SNMP MIB-II subagent daemon (mib2d)."
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Junos OS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "12.1X46",
|
||||
"version_value": "12.1X46-D76"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "12.3",
|
||||
"version_value": "12.3R12-S7, 12.3R13"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "12.3X48",
|
||||
"version_value": "12.3X48-D65"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "14.1",
|
||||
"version_value": "14.1R9"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "14.1X53",
|
||||
"version_value": "14.1X53-D130"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "15.1",
|
||||
"version_value": "15.1F2-S20, 15.1F6-S10, 15.1R7"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "15.1X49",
|
||||
"version_value": "15.1X49-D130"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "15.1X53",
|
||||
"version_value": "15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "16.1",
|
||||
"version_value": "16.1R5-S3, 16.1R7"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "16.1X65",
|
||||
"version_value": "16.1X65-D47"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "16.1X70",
|
||||
"version_value": "16.1X70-D10"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "16.2",
|
||||
"version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_name": "17.1",
|
||||
"version_value": "17.1R2-S6, 17.1R3"
|
||||
},
|
||||
{
|
||||
"affected": "!>=",
|
||||
"version_name": "17.2",
|
||||
"version_value": "17.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Juniper Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://kb.juniper.net/JSA10847",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://kb.juniper.net/JSA10847"
|
||||
},
|
||||
{
|
||||
"name" : "1040787",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040787"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The following software releases have been updated to resolve this specific issue:12.3R12-S7, 12.3R13, 12.3X48-D65, 14.1R9, 14.1X53-D130, 15.1F2-S20, 15.1F6-S10, 15.1R7, 15.1X49-D130, 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66, 16.1R5-S3, 16.1R7, 16.1X65-D47, 16.1X70-D10, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R1, and all subsequent releases."
|
||||
}
|
||||
],
|
||||
"source" : {
|
||||
"advisory" : "JSA10847",
|
||||
"defect" : [
|
||||
"1241134"
|
||||
],
|
||||
"discovery" : "USER"
|
||||
},
|
||||
"work_around" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"configuration": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue only affects systems with SNMP mib2d enabled. SNMP is disabled by default on devices running Junos OS. "
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may allow a remote network based attacker to cause the mib2d process to crash resulting in a denial of service condition (DoS) for the SNMP subsystem. While a mib2d process crash can disrupt the network monitoring via SNMP, it does not impact routing, switching or firewall functionalities. SNMP is disabled by default on devices running Junos OS. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S7, 12.3R13; 12.3X48 versions prior to 12.3X48-D65; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D130; 15.1 versions prior to 15.1F2-S20, 15.1F6-S10, 15.1R7; 15.1X49 versions prior to 15.1X49-D130; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66; 16.1 versions prior to 16.1R5-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D47; 16.1X70 versions prior to 16.1X70-D10; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3;"
|
||||
}
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "denial of service"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://kb.juniper.net/JSA10847",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://kb.juniper.net/JSA10847"
|
||||
},
|
||||
{
|
||||
"name": "1040787",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040787"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The following software releases have been updated to resolve this specific issue:12.3R12-S7, 12.3R13, 12.3X48-D65, 14.1R9, 14.1X53-D130, 15.1F2-S20, 15.1F6-S10, 15.1R7, 15.1X49-D130, 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66, 16.1R5-S3, 16.1R7, 16.1X65-D47, 16.1X70-D10, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R1, and all subsequent releases."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"advisory": "JSA10847",
|
||||
"defect": [
|
||||
"1241134"
|
||||
],
|
||||
"discovery": "USER"
|
||||
},
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
|
||||
}
|
||||
]
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "psirt@cisco.com",
|
||||
"ID" : "CVE-2018-0175",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Cisco IOS, IOS XE, and IOS XR",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Cisco IOS, IOS XE, and IOS XR"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-119"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2018-0175",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco IOS, IOS XE, and IOS XR",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Cisco IOS, IOS XE, and IOS XR"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"
|
||||
},
|
||||
{
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
|
||||
},
|
||||
{
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
|
||||
},
|
||||
{
|
||||
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"
|
||||
},
|
||||
{
|
||||
"name" : "103564",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/103564"
|
||||
},
|
||||
{
|
||||
"name" : "1040586",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040586"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"
|
||||
},
|
||||
{
|
||||
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03",
|
||||
"refsource": "MISC",
|
||||
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"
|
||||
},
|
||||
{
|
||||
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04",
|
||||
"refsource": "MISC",
|
||||
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
|
||||
},
|
||||
{
|
||||
"name": "1040586",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040586"
|
||||
},
|
||||
{
|
||||
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05",
|
||||
"refsource": "MISC",
|
||||
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
|
||||
},
|
||||
{
|
||||
"name": "103564",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/103564"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "psirt@cisco.com",
|
||||
"ID" : "CVE-2018-0307",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Cisco NX-OS unknown",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Cisco NX-OS unknown"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-20"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2018-0307",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco NX-OS unknown",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Cisco NX-OS unknown"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection"
|
||||
},
|
||||
{
|
||||
"name" : "1041169",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1041169"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection"
|
||||
},
|
||||
{
|
||||
"name": "1041169",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1041169"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,113 +1,113 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "Secure@Microsoft.com",
|
||||
"ID" : "CVE-2018-0854",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Windows Server 2016",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows 10",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1607 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1607 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1703 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1703 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1709 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1709 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows 10 Servers",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "version 1709 (Server Core Installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Microsoft"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Security Feature Bypass"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2018-0854",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Windows Server 2016",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows 10",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1607 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1607 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1703 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1703 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1709 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1709 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows 10 Servers",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "version 1709 (Server Core Installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Microsoft"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0854",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0854"
|
||||
},
|
||||
{
|
||||
"name" : "104029",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/104029"
|
||||
},
|
||||
{
|
||||
"name" : "1040849",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040849"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Security Feature Bypass"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1040849",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040849"
|
||||
},
|
||||
{
|
||||
"name": "104029",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/104029"
|
||||
},
|
||||
{
|
||||
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0854",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0854"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,83 +1,83 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "secure@microsoft.com",
|
||||
"DATE_PUBLIC" : "2018-03-14T00:00:00",
|
||||
"ID" : "CVE-2018-0934",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "ChakraCore, Microsoft Edge",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Microsoft Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Remote Code Execution"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"DATE_PUBLIC": "2018-03-14T00:00:00",
|
||||
"ID": "CVE-2018-0934",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ChakraCore, Microsoft Edge",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Microsoft Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "44396",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/44396/"
|
||||
},
|
||||
{
|
||||
"name" : "44397",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/44397/"
|
||||
},
|
||||
{
|
||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934"
|
||||
},
|
||||
{
|
||||
"name" : "103275",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/103275"
|
||||
},
|
||||
{
|
||||
"name" : "1040507",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040507"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Remote Code Execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934"
|
||||
},
|
||||
{
|
||||
"name": "44397",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/44397/"
|
||||
},
|
||||
{
|
||||
"name": "44396",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/44396/"
|
||||
},
|
||||
{
|
||||
"name": "1040507",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040507"
|
||||
},
|
||||
{
|
||||
"name": "103275",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/103275"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,64 +1,64 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
|
||||
"DATE_ASSIGNED" : "2/2/2018 13:35:28",
|
||||
"ID" : "CVE-2018-1000046",
|
||||
"REQUESTER" : "nitin.arya@owasp.org",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Pyblock ",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "v1.0 - v1.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "NASA"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-502"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"DATE_ASSIGNED": "2/2/2018 13:35:28",
|
||||
"ID": "CVE-2018-1000046",
|
||||
"REQUESTER": "nitin.arya@owasp.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/nasa/PyBlock/pull/5",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/nasa/PyBlock/pull/5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. This attack appear to be exploitable via Victim opening a specially crafted radar data file. This vulnerability appears to have been fixed in v1.4."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/nasa/PyBlock/pull/5",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/nasa/PyBlock/pull/5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-16075",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-16075",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-16295",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-16295",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
|
||||
},
|
||||
{
|
||||
"name" : "1041769",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1041769"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
|
||||
},
|
||||
{
|
||||
"name": "1041769",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1041769"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-16789",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-16789",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/149978/Shell-In-A-Box-2.2.0-Denial-Of-Service.html"
|
||||
},
|
||||
{
|
||||
"url": "http://seclists.org/fulldisclosure/2018/Oct/50",
|
||||
"refsource": "MISC",
|
||||
"name": "http://seclists.org/fulldisclosure/2018/Oct/50"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361",
|
||||
"url": "https://github.com/shellinabox/shellinabox/commit/4f0ecc31ac6f985e0dd3f5a52cbfc0e9251f6361"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://code.google.com/archive/p/shellinabox/issues",
|
||||
"url": "https://code.google.com/archive/p/shellinabox/issues"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-16965",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-16965",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://pitstop.manageengine.com/portal/community/topic/supportcenter-plus-version-8-1-build-8109-released",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://pitstop.manageengine.com/portal/community/topic/supportcenter-plus-version-8-1-build-8109-released"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name": "https://pitstop.manageengine.com/portal/community/topic/supportcenter-plus-version-8-1-build-8109-released",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://pitstop.manageengine.com/portal/community/topic/supportcenter-plus-version-8-1-build-8109-released"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19186",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19186",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19590",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19590",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19952",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19952",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "product-security@apple.com",
|
||||
"ID" : "CVE-2018-4212",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2018-4212",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208693,",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://support.apple.com/HT208693,"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208695,",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://support.apple.com/HT208695,"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208696,",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://support.apple.com/HT208696,"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208697,",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://support.apple.com/HT208697,"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208698,",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://support.apple.com/HT208698,"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208694",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT208694"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201812-04",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201812-04"
|
||||
},
|
||||
{
|
||||
"name" : "USN-3781-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "https://usn.ubuntu.com/3781-1/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.apple.com/HT208695,",
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.apple.com/HT208695,"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT208697,",
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.apple.com/HT208697,"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT208696,",
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.apple.com/HT208696,"
|
||||
},
|
||||
{
|
||||
"name": "USN-3781-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "https://usn.ubuntu.com/3781-1/"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT208698,",
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.apple.com/HT208698,"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201812-04",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201812-04"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT208694",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT208694"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT208693,",
|
||||
"refsource": "MISC",
|
||||
"url": "https://support.apple.com/HT208693,"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "product-security@apple.com",
|
||||
"ID" : "CVE-2018-4217",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2018-4217",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208849",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT208849"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.apple.com/HT208849",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT208849"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-4406",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-4406",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-4512",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-4512",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-4632",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-4632",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user