admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:47:41 +00:00
parent 829ba69240
commit 7492c5f7e5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
66 changed files with 5161 additions and 5164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2004/1xxx/CVE-2004-1663.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109435831811484&w=2"
},
{
"name" : "11108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11108"
},
{
"name" : "12464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12464"
},
{
"name" : "engenio-controller-tcp-dos(17290)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109435831811484&w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
]
}
}

150
2004/1xxx/CVE-2004-1750.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040825 RealVNC 4.0 DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109346198700529&w=2"
},
{
"name" : "11048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11048"
},
{
"name" : "13143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13143"
},
{
"name" : "realvnc-multiple-connections-dos(17123)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13143"
},
{
"name": "11048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11048"
},
{
"name": "realvnc-multiple-connections-dos(17123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17123"
},
{
"name": "20040825 RealVNC 4.0 DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109346198700529&w=2"
}
]
}
}

130
2008/0xxx/CVE-2008-0494.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html"
},
{
"name" : "27477",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27477"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27477"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html"
}
]
}
}

150
2008/0xxx/CVE-2008-0510.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5007",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5007"
},
{
"name" : "27502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27502"
},
{
"name" : "ADV-2008-0354",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0354"
},
{
"name" : "newsletter-index-sql-injection(40036)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5007",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5007"
},
{
"name": "newsletter-index-sql-injection(40036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40036"
},
{
"name": "ADV-2008-0354",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0354"
},
{
"name": "27502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27502"
}
]
}
}

170
2008/0xxx/CVE-2008-0638.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name" : "25778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25778"
},
{
"name" : "1019459",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019459"
},
{
"name" : "29050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25778"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
]
}
}

180
2008/0xxx/CVE-2008-0962.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080410 EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684"
},
{
"name" : "28728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28728"
},
{
"name" : "ADV-2008-1198",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1198/references"
},
{
"name" : "44418",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/44418"
},
{
"name" : "1019828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019828"
},
{
"name" : "29778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29778"
},
{
"name" : "emc-diskxtender-filesystemmanager-bo(41774)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41774"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emc-diskxtender-filesystemmanager-bo(41774)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41774"
},
{
"name": "ADV-2008-1198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1198/references"
},
{
"name": "20080410 EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684"
},
{
"name": "29778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29778"
},
{
"name": "1019828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019828"
},
{
"name": "28728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28728"
},
{
"name": "44418",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44418"
}
]
}
}

430
2008/3xxx/CVE-2008-3111.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494505/100/0/threaded"
},
{
"name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2"
},
{
"name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-043/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-043/"
},
{
"name" : "http://support.apple.com/kb/HT3178",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3178"
},
{
"name" : "http://support.apple.com/kb/HT3179",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3179"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"name" : "APPLE-SA-2008-09-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "RHSA-2008:0595",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
},
{
"name" : "RHSA-2008:0790",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
},
{
"name" : "238905",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1"
},
{
"name" : "SUSE-SA:2008:042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
},
{
"name" : "SUSE-SA:2008:043",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
},
{
"name" : "SUSE-SA:2008:045",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
},
{
"name" : "TA08-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
},
{
"name" : "30148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30148"
},
{
"name" : "oval:org.mitre.oval:def:10541",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "31736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31736"
},
{
"name" : "ADV-2008-2056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2056/references"
},
{
"name" : "ADV-2008-2740",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2740"
},
{
"name" : "1020452",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020452"
},
{
"name" : "31010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31010"
},
{
"name" : "31055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31055"
},
{
"name" : "31320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31320"
},
{
"name" : "31497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31497"
},
{
"name" : "31600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31600"
},
{
"name" : "32018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32018"
},
{
"name" : "32180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32180"
},
{
"name" : "32179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32179"
},
{
"name" : "sun-javawebstart-unspecified-bo(43664)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-09-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
},
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2"
},
{
"name": "31600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31600"
},
{
"name": "SUSE-SA:2008:042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
},
{
"name": "32018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32018"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "32179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32179"
},
{
"name": "ADV-2008-2740",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"name": "31320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31320"
},
{
"name": "SUSE-SA:2008:043",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
},
{
"name": "sun-javawebstart-unspecified-bo(43664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664"
},
{
"name": "ADV-2008-2056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2056/references"
},
{
"name": "238905",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1"
},
{
"name": "31055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31055"
},
{
"name": "32180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32180"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"name": "31736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31736"
},
{
"name": "oval:org.mitre.oval:def:10541",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541"
},
{
"name": "http://support.apple.com/kb/HT3178",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3178"
},
{
"name": "1020452",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020452"
},
{
"name": "30148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30148"
},
{
"name": "31497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31497"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/"
},
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded"
},
{
"name": "SUSE-SA:2008:045",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
},
{
"name": "RHSA-2008:0790",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
},
{
"name": "TA08-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "http://support.apple.com/kb/HT3179",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3179"
},
{
"name": "RHSA-2008:0595",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
},
{
"name": "31010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31010"
}
]
}
}

230
2008/3xxx/CVE-2008-3608.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3298",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3298"
},
{
"name" : "http://support.apple.com/kb/HT3276",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3276"
},
{
"name" : "APPLE-SA-2008-09-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2008-11-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name" : "TA08-260A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name" : "31189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31189"
},
{
"name" : "32706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32706"
},
{
"name" : "ADV-2008-2584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name" : "ADV-2008-3107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3107"
},
{
"name" : "1020876",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020876"
},
{
"name" : "31882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31882"
},
{
"name" : "macos-jpeg-code-execution(45168)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31189"
},
{
"name": "APPLE-SA-2008-11-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name": "macos-jpeg-code-execution(45168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45168"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "ADV-2008-3107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3107"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "1020876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020876"
},
{
"name": "32706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32706"
},
{
"name": "http://support.apple.com/kb/HT3298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "http://support.apple.com/kb/HT3276",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3276"
}
]
}
}

220
2008/3xxx/CVE-2008-3680.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080813 NULL pointer in Ventrilo 3.0.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495448/100/0/threaded"
},
{
"name" : "6237",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6237"
},
{
"name" : "http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt"
},
{
"name" : "http://aluigi.org/poc/ventrilobotomy.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/ventrilobotomy.zip"
},
{
"name" : "GLSA-200904-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-13.xml"
},
{
"name" : "30675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30675"
},
{
"name" : "34696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34696"
},
{
"name" : "ADV-2008-2365",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2365"
},
{
"name" : "31466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31466"
},
{
"name" : "4156",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4156"
},
{
"name" : "ventrilo-packets-dos(44428)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ventrilo-packets-dos(44428)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44428"
},
{
"name": "GLSA-200904-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-13.xml"
},
{
"name": "20080813 NULL pointer in Ventrilo 3.0.2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495448/100/0/threaded"
},
{
"name": "4156",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4156"
},
{
"name": "6237",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6237"
},
{
"name": "34696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34696"
},
{
"name": "http://aluigi.org/poc/ventrilobotomy.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/ventrilobotomy.zip"
},
{
"name": "http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt"
},
{
"name": "31466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31466"
},
{
"name": "30675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30675"
},
{
"name": "ADV-2008-2365",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2365"
}
]
}
}

160
2008/3xxx/CVE-2008-3980.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-3980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
},
{
"name" : "ADV-2008-2825",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2825"
},
{
"name" : "1021050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021050"
},
{
"name" : "32291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32291"
},
{
"name" : "oracle-database-upgrade-priv-escalation(45884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
},
{
"name": "32291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32291"
},
{
"name": "1021050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021050"
},
{
"name": "ADV-2008-2825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2825"
},
{
"name": "oracle-database-upgrade-priv-escalation(45884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45884"
}
]
}
}

630
2008/4xxx/CVE-2008-4058.json
View File

@ -1,317 +1,317 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=444075",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=444075"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=444077",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=444077"
},
{
"name" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
},
{
"name" : "DSA-1669",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1669"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "DSA-1696",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1696"
},
{
"name" : "DSA-1649",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1649"
},
{
"name" : "FEDORA-2008-8401",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
},
{
"name" : "FEDORA-2008-8429",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
},
{
"name" : "FEDORA-2008-8425",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html"
},
{
"name" : "MDVSA-2008:205",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
},
{
"name" : "MDVSA-2008:206",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206"
},
{
"name" : "RHSA-2008:0908",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0908.html"
},
{
"name" : "RHSA-2008:0879",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0879.html"
},
{
"name" : "RHSA-2008:0882",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
},
{
"name" : "SSA:2008-269-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232"
},
{
"name" : "SSA:2008-269-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422"
},
{
"name" : "SSA:2008-270-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123"
},
{
"name" : "256408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name" : "SUSE-SA:2008:050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
},
{
"name" : "USN-647-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-647-1"
},
{
"name" : "USN-645-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-645-1"
},
{
"name" : "USN-645-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-645-2"
},
{
"name" : "31346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31346"
},
{
"name" : "oval:org.mitre.oval:def:9679",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679"
},
{
"name" : "34501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34501"
},
{
"name" : "32185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32185"
},
{
"name" : "32196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32196"
},
{
"name" : "ADV-2008-2661",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2661"
},
{
"name" : "1020915",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020915"
},
{
"name" : "32042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32042"
},
{
"name" : "32025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32025"
},
{
"name" : "32092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32092"
},
{
"name" : "32144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32144"
},
{
"name" : "32044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32044"
},
{
"name" : "32082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32082"
},
{
"name" : "32089",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32089"
},
{
"name" : "32095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32095"
},
{
"name" : "32096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32096"
},
{
"name" : "32845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32845"
},
{
"name" : "31984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31984"
},
{
"name" : "31985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31985"
},
{
"name" : "31987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31987"
},
{
"name" : "32007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32007"
},
{
"name" : "32010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32010"
},
{
"name" : "32011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32011"
},
{
"name" : "32012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32012"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
},
{
"name" : "33434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33434"
},
{
"name" : "ADV-2009-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name" : "firefox3-xpcnativewrappers-code-execution(45349)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32025"
},
{
"name": "32011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32011"
},
{
"name": "SSA:2008-269-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "32096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32096"
},
{
"name": "FEDORA-2008-8401",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
},
{
"name": "USN-645-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-645-1"
},
{
"name": "firefox3-xpcnativewrappers-code-execution(45349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45349"
},
{
"name": "MDVSA-2008:206",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206"
},
{
"name": "32144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32144"
},
{
"name": "32010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32010"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-41.html"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "USN-645-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-645-2"
},
{
"name": "31346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31346"
},
{
"name": "31985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31985"
},
{
"name": "SUSE-SA:2008:050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
},
{
"name": "31984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31984"
},
{
"name": "32185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32185"
},
{
"name": "32196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32196"
},
{
"name": "FEDORA-2008-8425",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html"
},
{
"name": "DSA-1669",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1669"
},
{
"name": "32042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32042"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "ADV-2008-2661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2661"
},
{
"name": "SSA:2008-269-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422"
},
{
"name": "32095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32095"
},
{
"name": "32089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32089"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "32092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32092"
},
{
"name": "RHSA-2008:0879",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0879.html"
},
{
"name": "MDVSA-2008:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
},
{
"name": "DSA-1696",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1696"
},
{
"name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
},
{
"name": "FEDORA-2008-8429",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
},
{
"name": "31987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31987"
},
{
"name": "oval:org.mitre.oval:def:9679",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679"
},
{
"name": "1020915",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020915"
},
{
"name": "USN-647-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-647-1"
},
{
"name": "32007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32007"
},
{
"name": "RHSA-2008:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
},
{
"name": "32845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32845"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=444075",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=444075"
},
{
"name": "DSA-1649",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1649"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=444077",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=444077"
},
{
"name": "32012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32012"
},
{
"name": "33434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33434"
},
{
"name": "SSA:2008-270-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123"
},
{
"name": "32044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32044"
},
{
"name": "RHSA-2008:0908",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "32082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32082"
}
]
}
}

240
2008/4xxx/CVE-2008-4242.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080926 multiple vendor ftpd - Cross-site request forgery",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/56"
},
{
"name" : "http://bugs.proftpd.org/show_bug.cgi?id=3115",
"refsource" : "CONFIRM",
"url" : "http://bugs.proftpd.org/show_bug.cgi?id=3115"
},
{
"name" : "DSA-1689",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1689"
},
{
"name" : "FEDORA-2009-0064",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"name" : "FEDORA-2009-0195",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
},
{
"name" : "MDVSA-2009:061",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name" : "31289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31289"
},
{
"name" : "1020945",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020945"
},
{
"name" : "31930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31930"
},
{
"name" : "33261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33261"
},
{
"name" : "33413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33413"
},
{
"name" : "4313",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4313"
},
{
"name" : "proftpd-url-csrf(45274)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31289"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "MDVSA-2009:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "1020945",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020945"
},
{
"name": "31930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31930"
},
{
"name": "FEDORA-2009-0195",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
},
{
"name": "33261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33261"
},
{
"name": "33413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33413"
},
{
"name": "4313",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4313"
},
{
"name": "FEDORA-2009-0064",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"name": "DSA-1689",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1689"
},
{
"name": "proftpd-url-csrf(45274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
}
]
}
}

160
2008/4xxx/CVE-2008-4328.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080925 SQL Injection in EasyRealtorPRO 2008",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496744/100/0/threaded"
},
{
"name" : "http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/",
"refsource" : "MISC",
"url" : "http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/"
},
{
"name" : "31401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31401"
},
{
"name" : "4337",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4337"
},
{
"name" : "easyrealtorpro-sitesearch-sql-injection(45418)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/",
"refsource": "MISC",
"url": "http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/"
},
{
"name": "20080925 SQL Injection in EasyRealtorPRO 2008",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496744/100/0/threaded"
},
{
"name": "4337",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4337"
},
{
"name": "easyrealtorpro-sitesearch-sql-injection(45418)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45418"
},
{
"name": "31401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31401"
}
]
}
}

220
2008/4xxx/CVE-2008-4342.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081027 Blaze Media Pro 8.02 SE vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497831/100/0/threaded"
},
{
"name" : "6491",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6491"
},
{
"name" : "http://retrogod.altervista.org/9sg_numedia_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/9sg_numedia_xpl.html"
},
{
"name" : "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq",
"refsource" : "MISC",
"url" : "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq"
},
{
"name" : "31374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31374"
},
{
"name" : "32455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32455"
},
{
"name" : "ADV-2008-2663",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2663"
},
{
"name" : "31936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31936"
},
{
"name" : "31949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31949"
},
{
"name" : "31950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31950"
},
{
"name" : "nmsdvdburning-nmsdvdx-file-overwrite(45330)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31936"
},
{
"name": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_TrWE9AJA8nQpuFsnxBcq"
},
{
"name": "6491",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6491"
},
{
"name": "ADV-2008-2663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2663"
},
{
"name": "20081027 Blaze Media Pro 8.02 SE vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497831/100/0/threaded"
},
{
"name": "nmsdvdburning-nmsdvdx-file-overwrite(45330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45330"
},
{
"name": "32455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32455"
},
{
"name": "31949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31949"
},
{
"name": "31374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31374"
},
{
"name": "http://retrogod.altervista.org/9sg_numedia_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_numedia_xpl.html"
},
{
"name": "31950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31950"
}
]
}
}

180
2008/4xxx/CVE-2008-4549.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080124 ImageShack Toolbar FileUploader Class insecurities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486941/100/200/threaded"
},
{
"name" : "4981",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4981"
},
{
"name" : "27439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27439"
},
{
"name" : "40628",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40628"
},
{
"name" : "28644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28644"
},
{
"name" : "4410",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4410"
},
{
"name" : "toolbar-imageshacktoolbar-info-disclosure(39921)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40628",
"refsource": "OSVDB",
"url": "http://osvdb.org/40628"
},
{
"name": "4981",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4981"
},
{
"name": "28644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28644"
},
{
"name": "4410",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4410"
},
{
"name": "20080124 ImageShack Toolbar FileUploader Class insecurities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486941/100/200/threaded"
},
{
"name": "27439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27439"
},
{
"name": "toolbar-imageshacktoolbar-info-disclosure(39921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39921"
}
]
}
}

250
2008/4xxx/CVE-2008-4866.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html"
},
{
"name" : "[ffmpeg-cvslog] 20080812 r14714 - trunk/libavformat/utils.c",
"refsource" : "MLIST",
"url" : "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html"
},
{
"name" : "[ffmpeg-cvslog] 20080812 r14715 - trunk/libavformat/avformat.h",
"refsource" : "MLIST",
"url" : "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html"
},
{
"name" : "[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/29/6"
},
{
"name" : "DSA-1782",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1782"
},
{
"name" : "GLSA-200903-33",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-33.xml"
},
{
"name" : "MDVSA-2009:013",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:013"
},
{
"name" : "MDVSA-2009:015",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:015"
},
{
"name" : "USN-734-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-734-1"
},
{
"name" : "33308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33308"
},
{
"name" : "34296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34296"
},
{
"name" : "34385",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34385"
},
{
"name" : "34845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34845"
},
{
"name" : "ffmpeg-utils-multiple-bo(46322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ffmpeg-utils-multiple-bo(46322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46322"
},
{
"name": "34845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34845"
},
{
"name": "[ffmpeg-cvslog] 20080812 r14714 - trunk/libavformat/utils.c",
"refsource": "MLIST",
"url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html"
},
{
"name": "MDVSA-2009:013",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:013"
},
{
"name": "MDVSA-2009:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:015"
},
{
"name": "33308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33308"
},
{
"name": "20080905 [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html"
},
{
"name": "USN-734-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-734-1"
},
{
"name": "[ffmpeg-cvslog] 20080812 r14715 - trunk/libavformat/avformat.h",
"refsource": "MLIST",
"url": "http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html"
},
{
"name": "DSA-1782",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1782"
},
{
"name": "[oss-security] 20081029 Fwd: [Full-disclosure] [PLSA 2008-36] Ffmpeg: Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/29/6"
},
{
"name": "34385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34385"
},
{
"name": "GLSA-200903-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-33.xml"
},
{
"name": "34296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34296"
}
]
}
}

180
2008/4xxx/CVE-2008-4966.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://uvw.ru/report.lenny.txt",
"refsource" : "MISC",
"url" : "http://uvw.ru/report.lenny.txt"
},
{
"name" : "http://bugs.debian.org/496376",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/496376"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/linux-patch-openswan",
"refsource" : "CONFIRM",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/linux-patch-openswan"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name" : "30918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30918"
},
{
"name" : "linuxpatchopenswan-maysnap-maytest-symlink(44823)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "30918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30918"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/linux-patch-openswan",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/linux-patch-openswan"
},
{
"name": "http://bugs.debian.org/496376",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496376"
},
{
"name": "linuxpatchopenswan-maysnap-maytest-symlink(44823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44823"
}
]
}
}

130
2008/6xxx/CVE-2008-6016.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "31721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31721"
},
{
"name" : "esfaq-cid-sql-injection(48535)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31721"
},
{
"name": "esfaq-cid-sql-injection(48535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48535"
}
]
}
}

160
2008/7xxx/CVE-2008-7163.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4854",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4854"
},
{
"name" : "27156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27156"
},
{
"name" : "40084",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40084"
},
{
"name" : "28305",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28305"
},
{
"name" : "sinecms-index-file-include(39446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27156"
},
{
"name": "4854",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4854"
},
{
"name": "40084",
"refsource": "OSVDB",
"url": "http://osvdb.org/40084"
},
{
"name": "sinecms-index-file-include(39446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
},
{
"name": "28305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28305"
}
]
}
}

230
2008/7xxx/CVE-2008-7258.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100726 CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128013391907262&w=2"
},
{
"name" : "[oss-security] 20100726 Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128017258305041&w=2"
},
{
"name" : "[oss-security] 20100802 Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128077707318085&w=2"
},
{
"name" : "[oss-security] 20100819 Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/19/6"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7258",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7258"
},
{
"name" : "http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize",
"refsource" : "CONFIRM",
"url" : "http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=582236",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=582236"
},
{
"name" : "FEDORA-2010-11811",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045422.html"
},
{
"name" : "FEDORA-2010-11836",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045407.html"
},
{
"name" : "41965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41965"
},
{
"name" : "41009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41965"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7258",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7258"
},
{
"name": "FEDORA-2010-11811",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045422.html"
},
{
"name": "http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize",
"refsource": "CONFIRM",
"url": "http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize"
},
{
"name": "[oss-security] 20100726 Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128017258305041&w=2"
},
{
"name": "[oss-security] 20100819 Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/19/6"
},
{
"name": "FEDORA-2010-11836",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045407.html"
},
{
"name": "41009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41009"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=582236",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=582236"
},
{
"name": "[oss-security] 20100726 CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128013391907262&w=2"
},
{
"name": "[oss-security] 20100802 Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128077707318085&w=2"
}
]
}
}

140
2013/2xxx/CVE-2013-2033.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
"refsource" : "CONFIRM",
"url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name" : "92982",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/92982"
},
{
"name" : "jenkins-cve20132033-xss(84004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "jenkins-cve20132033-xss(84004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84004"
},
{
"name": "92982",
"refsource": "OSVDB",
"url": "http://osvdb.org/92982"
}
]
}
}

260
2013/2xxx/CVE-2013-2449.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975145",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975145"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name" : "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2013-0185.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02907",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
},
{
"name" : "MDVSA-2013:183",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name" : "RHSA-2013:0963",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
},
{
"name" : "RHSA-2013:1060",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name" : "SUSE-SU-2013:1257",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name" : "TA13-169A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name" : "oval:org.mitre.oval:def:17192",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17192"
},
{
"name" : "oval:org.mitre.oval:def:18717",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18717"
},
{
"name" : "54154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54154"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=975145",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=975145"
},
{
"name": "RHSA-2013:1060",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"name": "SUSE-SU-2013:1257",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name": "HPSBUX02907",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
},
{
"name": "oval:org.mitre.oval:def:17192",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17192"
},
{
"name": "54154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54154"
},
{
"name": "TA13-169A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name": "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2013-0185.html"
},
{
"name": "RHSA-2013:0963",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
},
{
"name": "oval:org.mitre.oval:def:18717",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18717"
},
{
"name": "MDVSA-2013:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
}
]
}
}

34
2013/2xxx/CVE-2013-2684.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2684",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2684",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2013/2xxx/CVE-2013-2751.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the \"forgot password workflow.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "29815",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/29815"
},
{
"name" : "http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html"
},
{
"name" : "http://www.readynas.com/?p=7002",
"refsource" : "MISC",
"url" : "http://www.readynas.com/?p=7002"
},
{
"name" : "http://www.tripwire.com/register/security-advisory-netgear-readynas/",
"refsource" : "MISC",
"url" : "http://www.tripwire.com/register/security-advisory-netgear-readynas/"
},
{
"name" : "http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/",
"refsource" : "MISC",
"url" : "http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/"
},
{
"name" : "98826",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/98826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the \"forgot password workflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html"
},
{
"name": "http://www.tripwire.com/register/security-advisory-netgear-readynas/",
"refsource": "MISC",
"url": "http://www.tripwire.com/register/security-advisory-netgear-readynas/"
},
{
"name": "http://www.readynas.com/?p=7002",
"refsource": "MISC",
"url": "http://www.readynas.com/?p=7002"
},
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/"
},
{
"name": "98826",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/98826"
},
{
"name": "29815",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29815"
}
]
}
}

34
2013/6xxx/CVE-2013-6098.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6098",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6098",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/6xxx/CVE-2013-6185.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6185",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6185",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

160
2013/6xxx/CVE-2013-6194.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-6194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "31181",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/31181"
},
{
"name" : "HPSBMU02895",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "SSRT101233",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "SSRT101253",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "101630",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/101630"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02895",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name": "SSRT101233",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name": "SSRT101253",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name": "101630",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/101630"
},
{
"name": "31181",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31181"
}
]
}
}

130
2013/6xxx/CVE-2013-6200.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX02963",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04103553"
},
{
"name" : "SSRT101297",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04103553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101297",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04103553"
},
{
"name": "HPSBUX02963",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04103553"
}
]
}
}

130
2013/6xxx/CVE-2013-6732.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662856",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662856"
},
{
"name" : "ibm-cognos-cve20136732-xss(89394)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89394"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-cognos-cve20136732-xss(89394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89394"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662856"
}
]
}
}

130
2013/6xxx/CVE-2013-6838.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified Enghouse Interactive Professional Services \"addon product\" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140114 [CVE-2013-6838] Enghouse Interactive IVR Pro (VIP2000) remote root authentication bypass Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jan/103"
},
{
"name" : "https://xpd.se/advisories/XPD-2013-001.txt",
"refsource" : "MISC",
"url" : "https://xpd.se/advisories/XPD-2013-001.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified Enghouse Interactive Professional Services \"addon product\" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xpd.se/advisories/XPD-2013-001.txt",
"refsource": "MISC",
"url": "https://xpd.se/advisories/XPD-2013-001.txt"
},
{
"name": "20140114 [CVE-2013-6838] Enghouse Interactive IVR Pro (VIP2000) remote root authentication bypass Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jan/103"
}
]
}
}

300
2013/7xxx/CVE-2013-7027.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5563318ff1bde15b10e736e97ffce13be08bc1a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5563318ff1bde15b10e736e97ffce13be08bc1a"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7"
},
{
"name" : "https://github.com/torvalds/linux/commit/f5563318ff1bde15b10e736e97ffce13be08bc1a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f5563318ff1bde15b10e736e97ffce13be08bc1a"
},
{
"name" : "openSUSE-SU-2014:0247",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html"
},
{
"name" : "openSUSE-SU-2014:0204",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
},
{
"name" : "USN-2066-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2066-1"
},
{
"name" : "USN-2067-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2067-1"
},
{
"name" : "USN-2068-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"name" : "USN-2069-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2069-1"
},
{
"name" : "USN-2071-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"name" : "USN-2072-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"name" : "USN-2073-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2073-1"
},
{
"name" : "USN-2074-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"name" : "USN-2076-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"name" : "USN-2128-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2128-1"
},
{
"name" : "USN-2129-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2129-1"
},
{
"name" : "64013",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64013"
},
{
"name" : "1029413",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029413"
},
{
"name" : "55606",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html"
},
{
"name": "USN-2129-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2129-1"
},
{
"name": "USN-2128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2128-1"
},
{
"name": "55606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55606"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7"
},
{
"name": "USN-2073-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2073-1"
},
{
"name": "1029413",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029413"
},
{
"name": "USN-2076-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"name": "USN-2069-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2069-1"
},
{
"name": "64013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64013"
},
{
"name": "USN-2066-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2066-1"
},
{
"name": "USN-2071-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"name": "https://github.com/torvalds/linux/commit/f5563318ff1bde15b10e736e97ffce13be08bc1a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f5563318ff1bde15b10e736e97ffce13be08bc1a"
},
{
"name": "USN-2074-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5563318ff1bde15b10e736e97ffce13be08bc1a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5563318ff1bde15b10e736e97ffce13be08bc1a"
},
{
"name": "USN-2068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"name": "openSUSE-SU-2014:0204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
},
{
"name": "USN-2072-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"name": "USN-2067-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2067-1"
}
]
}
}

34
2013/7xxx/CVE-2013-7101.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7101",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7101",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/7xxx/CVE-2013-7283.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Swan-announce] 20131211 Libreswan 3.7 released",
"refsource" : "MLIST",
"url" : "https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html"
},
{
"name" : "https://github.com/libreswan/libreswan/commit/ef2d756e73a188401c36133c2e2f7ce4f3c6ae55",
"refsource" : "CONFIRM",
"url" : "https://github.com/libreswan/libreswan/commit/ef2d756e73a188401c36133c2e2f7ce4f3c6ae55"
},
{
"name" : "101575",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/101575"
},
{
"name" : "56276",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56276"
},
{
"name": "[Swan-announce] 20131211 Libreswan 3.7 released",
"refsource": "MLIST",
"url": "https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html"
},
{
"name": "101575",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/101575"
},
{
"name": "https://github.com/libreswan/libreswan/commit/ef2d756e73a188401c36133c2e2f7ce4f3c6ae55",
"refsource": "CONFIRM",
"url": "https://github.com/libreswan/libreswan/commit/ef2d756e73a188401c36133c2e2f7ce4f3c6ae55"
}
]
}
}

142
2017/10xxx/CVE-2017-10025.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BI Publisher (formerly XML Publisher)",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.1.1.7.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BI Publisher (formerly XML Publisher)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.1.7.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99697"
},
{
"name" : "1038940",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99697"
},
{
"name": "1038940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038940"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

150
2017/10xxx/CVE-2017-10082.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Agile PLM Framework",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "9.3.5"
},
{
"version_affected" : "=",
"version_value" : "9.3.6"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agile PLM Framework",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.3.5"
},
{
"version_affected": "=",
"version_value": "9.3.6"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99673",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99673"
},
{
"name" : "1038947",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038947",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038947"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "99673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99673"
}
]
}
}

220
2017/10xxx/CVE-2017-10118.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 7u141"
},
{
"version_affected" : "=",
"version_value" : "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 7u141"
},
{
"version_affected": "=",
"version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20170720-0001/"
},
{
"name" : "https://cert.vde.com/en-us/advisories/vde-2017-002",
"refsource" : "CONFIRM",
"url" : "https://cert.vde.com/en-us/advisories/vde-2017-002"
},
{
"name" : "DSA-3919",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3919"
},
{
"name" : "DSA-3954",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3954"
},
{
"name" : "GLSA-201709-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-22"
},
{
"name" : "RHSA-2017:1790",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1790"
},
{
"name" : "RHSA-2017:1791",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1791"
},
{
"name" : "99782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99782"
},
{
"name" : "1038931",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1791"
},
{
"name": "RHSA-2017:1790",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1790"
},
{
"name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
},
{
"name": "1038931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038931"
},
{
"name": "GLSA-201709-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-22"
},
{
"name": "99782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99782"
},
{
"name": "DSA-3919",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3919"
},
{
"name": "DSA-3954",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3954"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

34
2017/10xxx/CVE-2017-10629.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10629",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10629",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/10xxx/CVE-2017-10937.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@zte.com.cn",
"DATE_PUBLIC" : "2017-12-08T00:00:00",
"ID" : "CVE-2017-10937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ZXIPTV-UCM",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to V2.01.05.09"
}
]
}
}
]
},
"vendor_name" : "ZTE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL injection"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC": "2017-12-08T00:00:00",
"ID": "CVE-2017-10937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXIPTV-UCM",
"version": {
"version_data": [
{
"version_value": "All versions prior to V2.01.05.09"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782",
"refsource" : "CONFIRM",
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782"
}
]
}
}

152
2017/14xxx/CVE-2017-14448.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-03-01T00:00:00",
"ID" : "CVE-2017-14448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Simple DirectMedia Layer",
"version" : {
"version_data" : [
{
"version_value" : "SDL2_image 2.0.2"
}
]
}
}
]
},
"vendor_name" : "Sam Lantinga and Mattias Engdegård"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-03-01T00:00:00",
"ID": "CVE-2017-14448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple DirectMedia Layer",
"version": {
"version_data": [
{
"version_value": "SDL2_image 2.0.2"
}
]
}
}
]
},
"vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
},
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
},
{
"name" : "DSA-4177",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4177"
},
{
"name" : "DSA-4184",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4177",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4177"
},
{
"name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497"
},
{
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
}
]
}
}

140
2017/14xxx/CVE-2017-14531.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/718",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/718"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
},
{
"name" : "100888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100888"
},
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/718",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/718"
}
]
}
}

120
2017/14xxx/CVE-2017-14630.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/pts/sam2p/issues/14",
"refsource" : "MISC",
"url" : "https://github.com/pts/sam2p/issues/14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pts/sam2p/issues/14",
"refsource": "MISC",
"url": "https://github.com/pts/sam2p/issues/14"
}
]
}
}

220
2017/14xxx/CVE-2017-14746.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.samba.org/samba/security/CVE-2017-14746.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2017-14746.html"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_17_72_Samba",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_17_72_Samba"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us"
},
{
"name" : "DSA-4043",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4043"
},
{
"name" : "GLSA-201805-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-07"
},
{
"name" : "RHSA-2017:3260",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3260"
},
{
"name" : "RHSA-2017:3261",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3261"
},
{
"name" : "RHSA-2017:3278",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3278"
},
{
"name" : "USN-3486-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3486-1"
},
{
"name" : "101907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101907"
},
{
"name" : "1039856",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039856"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.samba.org/samba/security/CVE-2017-14746.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2017-14746.html"
},
{
"name": "RHSA-2017:3278",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3278"
},
{
"name": "DSA-4043",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4043"
},
{
"name": "RHSA-2017:3260",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3260"
},
{
"name": "1039856",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039856"
},
{
"name": "101907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101907"
},
{
"name": "RHSA-2017:3261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3261"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us"
},
{
"name": "GLSA-201805-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-07"
},
{
"name": "USN-3486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3486-1"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_72_Samba",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_72_Samba"
}
]
}
}

122
2017/17xxx/CVE-2017-17310.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2018-04-18T00:00:00",
"ID" : "CVE-2017-17310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300, RP200, TE30, TE40, TE50, TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Electronic Numbers to URI Mapping (ENUM) module in some Huawei products DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a buffer error vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the packets, successful exploit may cause buffer error and some services abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer error"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-04-18T00:00:00",
"ID": "CVE-2017-17310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300, RP200, TE30, TE40, TE50, TE60",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-enum-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-enum-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electronic Numbers to URI Mapping (ENUM) module in some Huawei products DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a buffer error vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the packets, successful exploit may cause buffer error and some services abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-enum-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-enum-en"
}
]
}
}

130
2017/9xxx/CVE-2017-9070.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://citadelo.com/en/2017/04/modx-revolution-cms/",
"refsource" : "MISC",
"url" : "https://citadelo.com/en/2017/04/modx-revolution-cms/"
},
{
"name" : "https://github.com/modxcms/revolution/pull/13415",
"refsource" : "MISC",
"url" : "https://github.com/modxcms/revolution/pull/13415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://citadelo.com/en/2017/04/modx-revolution-cms/",
"refsource": "MISC",
"url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"
},
{
"name": "https://github.com/modxcms/revolution/pull/13415",
"refsource": "MISC",
"url": "https://github.com/modxcms/revolution/pull/13415"
}
]
}
}

150
2017/9xxx/CVE-2017-9143.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/456",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/456"
},
{
"name" : "DSA-3863",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3863"
},
{
"name" : "98682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98682"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/456",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/456"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4"
},
{
"name": "98682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98682"
},
{
"name": "DSA-3863",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3863"
}
]
}
}

130
2017/9xxx/CVE-2017-9410.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42390",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42390/"
},
{
"name" : "http://seclists.org/fulldisclosure/2017/Jul/63",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jul/63"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/63",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/63"
},
{
"name": "42390",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42390/"
}
]
}
}

120
2017/9xxx/CVE-2017-9832.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceforge.net/p/libmtp/mailman/message/35729062",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/libmtp/mailman/message/35729062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/libmtp/mailman/message/35729062",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libmtp/mailman/message/35729062"
}
]
}
}

306
2018/0xxx/CVE-2018-0056.json
View File

@ -1,155 +1,155 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0056",
"STATE" : "PUBLIC",
"TITLE" : "MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "15.1",
"version_value" : "15.1R7-S1"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "16.1",
"version_value" : "16.1R4-S12, 16.1R6-S6"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "16.2",
"version_value" : "16.2R2-S7"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.1",
"version_value" : "17.1R2-S9"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.2",
"version_value" : "17.2R1-S7, 17.2R2-S6"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.3",
"version_value" : "17.3R2-S4, 17.3R3-S1"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "17.4",
"version_value" : "17.4R1-S5"
},
{
"affected" : "<",
"platform" : "MX Series",
"version_name" : "18.1",
"version_value" : "18.1R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0056",
"STATE": "PUBLIC",
"TITLE": "MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "MX Series",
"version_name": "15.1",
"version_value": "15.1R7-S1"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "16.1",
"version_value": "16.1R4-S12, 16.1R6-S6"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "16.2",
"version_value": "16.2R2-S7"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.1",
"version_value": "17.1R2-S9"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.2",
"version_value": "17.2R1-S7, 17.2R2-S6"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.3",
"version_value": "17.3R2-S4, 17.3R3-S1"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "17.4",
"version_value": "17.4R1-S5"
},
{
"affected": "<",
"platform": "MX Series",
"version_name": "18.1",
"version_value": "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10890",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10890"
},
{
"name" : "1041857",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041857"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 15.1R7-S1, 16.1R4-S12, 16.1R6-S6, 16.1R7, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3-S1, 17.4R1-S5, 17.4R2, 18.1R2, 18.2R1, and all subsequent releases.\n\nThis fix has also been proactively committed into Junos OS: 15.1X49-D150, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68, 18.2X75-D5, and all subsequent releases."
}
],
"source" : {
"advisory" : "JSA10890",
"defect" : [
"1338688"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : "There are no viable workarounds for this issue"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon (L2ALD) daemon might crash when attempting to delete the duplicate MAC address when the particular entry is not found in the internal MAC address table. This issue only occurs on MX Series devices with l2-backhaul VPN configured. No other products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S1 on MX Series; 16.1 versions prior to 16.1R4-S12, 16.1R6-S6 on MX Series; 16.2 versions prior to 16.2R2-S7 on MX Series; 17.1 versions prior to 17.1R2-S9 on MX Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6 on MX Series; 17.3 versions prior to 17.3R2-S4, 17.3R3-S1 on MX Series; 17.4 versions prior to 17.4R1-S5 on MX Series; 18.1 versions prior to 18.1R2 on MX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10890",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10890"
},
{
"name": "1041857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041857"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S1, 16.1R4-S12, 16.1R6-S6, 16.1R7, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.3R2-S4, 17.3R3-S1, 17.4R1-S5, 17.4R2, 18.1R2, 18.2R1, and all subsequent releases.\n\nThis fix has also been proactively committed into Junos OS: 15.1X49-D150, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68, 18.2X75-D5, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10890",
"defect": [
"1338688"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue"
}
]
}

140
2018/0xxx/CVE-2018-0159.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS and IOS XE",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IOS and IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE",
"version": {
"version_data": [
{
"version_value": "Cisco IOS and IOS XE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos"
},
{
"name" : "103562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103562"
},
{
"name" : "1040595",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103562"
},
{
"name": "1040595",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040595"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos"
}
]
}
}

130
2018/0xxx/CVE-2018-0614.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Calsos CSDX and CSDJ series products",
"version" : {
"version_data" : [
{
"version_value" : "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
}
}
]
},
"vendor_name" : "NEC Platforms, Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calsos CSDX and CSDJ series products",
"version": {
"version_data": [
{
"version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
}
]
}
}
]
},
"vendor_name": "NEC Platforms, Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
"refsource" : "CONFIRM",
"url" : "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name" : "JVN#63895206",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
"refsource": "CONFIRM",
"url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
},
{
"name": "JVN#63895206",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63895206/index.html"
}
]
}
}

130
2018/0xxx/CVE-2018-0656.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "The installer of Digital Paper App",
"version" : {
"version_data" : [
{
"version_value" : "version 1.4.0.16050 and earlier"
}
]
}
}
]
},
"vendor_name" : "Sony Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of Digital Paper App",
"version": {
"version_data": [
{
"version_value": "version 1.4.0.16050 and earlier"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB.",
"refsource" : "CONFIRM",
"url" : "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB."
},
{
"name" : "JVN#75700242",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN75700242/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB.",
"refsource": "CONFIRM",
"url": "https://esupport.sony.com/US/p/swu-download.pl?upd_id=10998&PASSVAL2=SMB."
},
{
"name": "JVN#75700242",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75700242/index.html"
}
]
}
}

130
2018/0xxx/CVE-2018-0674.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AttacheCase",
"version" : {
"version_data" : [
{
"version_value" : "ver.2.8.4.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "HiBARA Software"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AttacheCase",
"version": {
"version_data": [
{
"version_value": "ver.2.8.4.0 and earlier"
}
]
}
}
]
},
"vendor_name": "HiBARA Software"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hibara.org/software/attachecase/?lang=en",
"refsource" : "CONFIRM",
"url" : "https://hibara.org/software/attachecase/?lang=en"
},
{
"name" : "JVN#02037158",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN02037158/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#02037158",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN02037158/index.html"
},
{
"name": "https://hibara.org/software/attachecase/?lang=en",
"refsource": "CONFIRM",
"url": "https://hibara.org/software/attachecase/?lang=en"
}
]
}
}

122
2018/0xxx/CVE-2018-0718.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@qnapsecurity.com.tw",
"DATE_PUBLIC" : "2018-09-14T00:00:00",
"ID" : "CVE-2018-0718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Music Station",
"version" : {
"version_data" : [
{
"version_value" : "5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4"
}
]
}
}
]
},
"vendor_name" : "QNAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-09-14T00:00:00",
"ID": "CVE-2018-0718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Music Station",
"version": {
"version_data": [
{
"version_value": "5.1.2 and earlier versions in QTS 4.3.3 and 4.3.4"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-14"
}
]
}
}

34
2018/0xxx/CVE-2018-0720.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0720",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0720",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/0xxx/CVE-2018-0795.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00",
"ID" : "CVE-2018-0795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795"
},
{
"name" : "102356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102356"
},
{
"name" : "1040153",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102356"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000655.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-19T17:09:33.128233",
"DATE_REQUESTED" : "2018-08-14T09:23:34",
"ID" : "CVE-2018-1000655",
"REQUESTER" : "m.dominiak@samsung.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jsish",
"version" : {
"version_data" : [
{
"version_value" : "2.4.65"
}
]
}
}
]
},
"vendor_name" : "Jsish"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-476: NULL Pointer Dereference"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.128233",
"DATE_REQUESTED": "2018-08-14T09:23:34",
"ID": "CVE-2018-1000655",
"REQUESTER": "m.dominiak@samsung.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jsish.org/fossil/jsi/tktview/3b8f95574f2c9dddf5ffea71e0086b2e6f6dd71e",
"refsource" : "CONFIRM",
"url" : "https://jsish.org/fossil/jsi/tktview/3b8f95574f2c9dddf5ffea71e0086b2e6f6dd71e"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jsish.org/fossil/jsi/tktview/3b8f95574f2c9dddf5ffea71e0086b2e6f6dd71e",
"refsource": "CONFIRM",
"url": "https://jsish.org/fossil/jsi/tktview/3b8f95574f2c9dddf5ffea71e0086b2e6f6dd71e"
}
]
}
}

129
2018/1000xxx/CVE-2018-1000669.json
View File

@ -1,68 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-09-03T16:07:16.979484",
"DATE_REQUESTED" : "2018-08-24T17:46:09",
"ID" : "CVE-2018-1000669",
"REQUESTER" : "jiakyooi95@hotmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "KOHA Library System",
"version" : {
"version_data" : [
{
"version_value" : "16.11.x (up until 16.11.13)"
},
{
"version_value" : "17.05.x (up until 17.05.05)"
}
]
}
}
]
},
"vendor_name" : "KOHA Library System"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross ite Request Forgery (CSRF)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.979484",
"DATE_REQUESTED": "2018-08-24T17:46:09",
"ID": "CVE-2018-1000669",
"REQUESTER": "jiakyooi95@hotmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117",
"refsource": "CONFIRM",
"url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117"
}
]
}
}

232
2018/16xxx/CVE-2018-16876.json
View File

@ -1,118 +1,118 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ansible",
"version" : {
"version_data" : [
{
"version_value" : "before 2.5.14"
},
{
"version_value" : "before 2.6.11"
},
{
"version_value" : "before 2.7.5"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "before 2.5.14"
},
{
"version_value": "before 2.6.11"
},
{
"version_value": "before 2.7.5"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ansible/ansible/pull/49569",
"refsource" : "MISC",
"url" : "https://github.com/ansible/ansible/pull/49569"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876"
},
{
"name" : "DSA-4396",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4396"
},
{
"name" : "RHSA-2018:3835",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3835"
},
{
"name" : "RHSA-2018:3836",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3836"
},
{
"name" : "RHSA-2018:3837",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3837"
},
{
"name" : "RHSA-2018:3838",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3838"
},
{
"name" : "RHSA-2019:0564",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0564"
},
{
"name" : "106225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106225"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3838",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3838"
},
{
"name": "RHSA-2019:0564",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0564"
},
{
"name": "106225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106225"
},
{
"name": "RHSA-2018:3836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3836"
},
{
"name": "RHSA-2018:3835",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3835"
},
{
"name": "https://github.com/ansible/ansible/pull/49569",
"refsource": "MISC",
"url": "https://github.com/ansible/ansible/pull/49569"
},
{
"name": "RHSA-2018:3837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3837"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876"
},
{
"name": "DSA-4396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4396"
}
]
}
}

120
2018/19xxx/CVE-2018-19249.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fredmooredamian.blogspot.com/2019/01/improper-authentication-on-stripe-api-v1.html",
"refsource" : "MISC",
"url" : "https://fredmooredamian.blogspot.com/2019/01/improper-authentication-on-stripe-api-v1.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fredmooredamian.blogspot.com/2019/01/improper-authentication-on-stripe-api-v1.html",
"refsource": "MISC",
"url": "https://fredmooredamian.blogspot.com/2019/01/improper-authentication-on-stripe-api-v1.html"
}
]
}
}

34
2018/19xxx/CVE-2018-19270.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19270",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16276. Reason: This candidate is a reservation duplicate of CVE-2018-16276. Notes: All CVE users should reference CVE-2018-16276 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-19270",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16276. Reason: This candidate is a reservation duplicate of CVE-2018-16276. Notes: All CVE users should reference CVE-2018-16276 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2018/19xxx/CVE-2018-19492.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html"
},
{
"name" : "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html"
},
{
"name" : "https://sourceforge.net/p/gnuplot/bugs/2089/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/gnuplot/bugs/2089/"
},
{
"name" : "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA 1597-1] gnuplot security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00035.html"
},
{
"name": "https://sourceforge.net/p/gnuplot/bugs/2089/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/gnuplot/bugs/2089/"
},
{
"name": "[debian-lts-announce] 20181125 [SECURITY] [DLA 1595-1] gnuplot5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00031.html"
}
]
}
}

150
2018/4xxx/CVE-2018-4189.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208463",
"refsource" : "MISC",
"url" : "https://support.apple.com/HT208463"
},
{
"name" : "https://support.apple.com/HT208464",
"refsource" : "MISC",
"url" : "https://support.apple.com/HT208464"
},
{
"name" : "https://support.apple.com/HT208465",
"refsource" : "MISC",
"url" : "https://support.apple.com/HT208465"
},
{
"name" : "https://support.apple.com/HT208462",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208462"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208462",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208462"
},
{
"name": "https://support.apple.com/HT208463",
"refsource": "MISC",
"url": "https://support.apple.com/HT208463"
},
{
"name": "https://support.apple.com/HT208464",
"refsource": "MISC",
"url": "https://support.apple.com/HT208464"
},
{
"name": "https://support.apple.com/HT208465",
"refsource": "MISC",
"url": "https://support.apple.com/HT208465"
}
]
}
}

34
2018/4xxx/CVE-2018-4322.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4322",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4322",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4567.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4567",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4567",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4726.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4726",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4726",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/4xxx/CVE-2018-4974.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104169"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104169"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}