"-Synchronized-Data."

CVE Team 2019-03-18 00:23:21 +00:00
parent 954d23375b
commit 7b32648923
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4601 additions and 4601 deletions


@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger \"information disclosure, double-free and negative reference index array underflow\" results."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110314318531298&w=2"
},
{
"name" : "http://www.hardened-php.net/advisories/012004.txt",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisories/012004.txt"
},
{
"name" : "http://www.php.net/release_4_3_10.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_4_3_10.php"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "FLSA:2344",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2344"
},
{
"name" : "HPSBMA01212",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/9028"
},
{
"name" : "MDKSA-2004:151",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151"
},
{
"name" : "OpenPKG-SA-2004.053",
"refsource" : "OPENPKG",
"url" : "http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html"
},
{
"name" : "RHSA-2004:687",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-687.html"
},
{
"name" : "RHSA-2005:032",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-032.html"
},
{
"name" : "RHSA-2005:816",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html"
},
{
"name" : "SUSE-SA:2005:002",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html"
},
{
"name" : "SUSE-SU-2015:0365",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html"
},
{
"name" : "openSUSE-SU-2015:0325",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html"
},
{
"name" : "oval:org.mitre.oval:def:10511",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511"
},
{
"name" : "php-unserialize-code-execution(18514)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger \"information disclosure, double-free and negative reference index array underflow\" results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:032",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-032.html"
},
{
"name": "php-unserialize-code-execution(18514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18514"
},
{
"name": "SUSE-SU-2015:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html"
},
{
"name": "SUSE-SA:2005:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html"
},
{
"name": "http://www.php.net/release_4_3_10.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_4_3_10.php"
},
{
"name": "openSUSE-SU-2015:0325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html"
},
{
"name": "oval:org.mitre.oval:def:10511",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10511"
},
{
"name": "RHSA-2005:816",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"
},
{
"name": "MDKSA-2004:151",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151"
},
{
"name": "http://www.hardened-php.net/advisories/012004.txt",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisories/012004.txt"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "FLSA:2344",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"
},
{
"name": "OpenPKG-SA-2004.053",
"refsource": "OPENPKG",
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html"
},
{
"name": "HPSBMA01212",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/9028"
},
{
"name": "RHSA-2004:687",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"
},
{
"name": "20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110314318531298&w=2"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041112 TWiki search function allows arbitrary shell command execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110037207516456&w=2"
},
{
"name" : "20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html"
},
{
"name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch",
"refsource" : "CONFIRM",
"url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch"
},
{
"name" : "CLA-2005:918",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000918"
},
{
"name" : "GLSA-200411-33",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200411-33.xml"
},
{
"name" : "P-039",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-039.shtml"
},
{
"name" : "11674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11674"
},
{
"name" : "twik-search-command-execution(18062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:918",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000918"
},
{
"name": "11674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11674"
},
{
"name": "twik-search-command-execution(18062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch"
},
{
"name": "20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html"
},
{
"name": "GLSA-200411-33",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200411-33.xml"
},
{
"name": "20041112 TWiki search function allows arbitrary shell command execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110037207516456&w=2"
},
{
"name": "P-039",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-039.shtml"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.heise.de/security/dienste/browsercheck/tests/java.shtml",
"refsource" : "MISC",
"url" : "http://www.heise.de/security/dienste/browsercheck/tests/java.shtml"
},
{
"name" : "20041220 KDE Security Advisory: Konqueror Java Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110356286722875&w=2"
},
{
"name" : "http://www.kde.org/info/security/advisory-20041220-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20041220-1.txt"
},
{
"name" : "GLSA-200501-16",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml"
},
{
"name" : "MDKSA-2004:154",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:154"
},
{
"name" : "RHSA-2005:065",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-065.html"
},
{
"name" : "VU#420222",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/420222"
},
{
"name" : "oval:org.mitre.oval:def:10173",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173"
},
{
"name" : "13586",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13586"
},
{
"name" : "konqueror-sandbox-restriction-bypass(18596)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-065.html"
},
{
"name": "20041220 KDE Security Advisory: Konqueror Java Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110356286722875&w=2"
},
{
"name": "konqueror-sandbox-restriction-bypass(18596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18596"
},
{
"name": "http://www.heise.de/security/dienste/browsercheck/tests/java.shtml",
"refsource": "MISC",
"url": "http://www.heise.de/security/dienste/browsercheck/tests/java.shtml"
},
{
"name": "GLSA-200501-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml"
},
{
"name": "13586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13586"
},
{
"name": "MDKSA-2004:154",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:154"
},
{
"name": "http://www.kde.org/info/security/advisory-20041220-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20041220-1.txt"
},
{
"name": "oval:org.mitre.oval:def:10173",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173"
},
{
"name": "VU#420222",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/420222"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040913 [RLSA_02-2004] QNX Photon multiple buffer overflows",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109510393407597&w=2"
},
{
"name" : "http://www.rfdslabs.com.br/qnx-advs-03-2004.txt",
"refsource" : "MISC",
"url" : "http://www.rfdslabs.com.br/qnx-advs-03-2004.txt"
},
{
"name" : "11164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11164"
},
{
"name" : "qnx-rtp-photon-bo(17339)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rfdslabs.com.br/qnx-advs-03-2004.txt",
"refsource": "MISC",
"url": "http://www.rfdslabs.com.br/qnx-advs-03-2004.txt"
},
{
"name": "20040913 [RLSA_02-2004] QNX Photon multiple buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109510393407597&w=2"
},
{
"name": "11164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11164"
},
{
"name": "qnx-rtp-photon-bo(17339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17339"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040325 eSignal v7 remote buffer overflow (exploit)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108025234317408&w=2"
},
{
"name" : "http://viziblesoft.com/insect/advisories/vz012004-esignal7.txt",
"refsource" : "MISC",
"url" : "http://viziblesoft.com/insect/advisories/vz012004-esignal7.txt"
},
{
"name" : "20040406 Re: eSignal v7 remote buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0056.html"
},
{
"name" : "9978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9978"
},
{
"name" : "11222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11222"
},
{
"name" : "esignal-specs-bo(15624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040406 Re: eSignal v7 remote buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0056.html"
},
{
"name": "esignal-specs-bo(15624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15624"
},
{
"name": "9978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9978"
},
{
"name": "20040325 eSignal v7 remote buffer overflow (exploit)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108025234317408&w=2"
},
{
"name": "http://viziblesoft.com/insect/advisories/vz012004-esignal7.txt",
"refsource": "MISC",
"url": "http://viziblesoft.com/insect/advisories/vz012004-esignal7.txt"
},
{
"name": "11222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11222"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108180073206947&w=2"
},
{
"name" : "http://tikiwiki.org/tiki-read_article.php?articleId=66",
"refsource" : "CONFIRM",
"url" : "http://tikiwiki.org/tiki-read_article.php?articleId=66"
},
{
"name" : "10100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10100"
},
{
"name" : "11344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11344"
},
{
"name" : "tikiwiki-tikimap-file-disclosure(15848)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15848"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10100"
},
{
"name": "20040412 Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108180073206947&w=2"
},
{
"name": "11344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11344"
},
{
"name": "http://tikiwiki.org/tiki-read_article.php?articleId=66",
"refsource": "CONFIRM",
"url": "http://tikiwiki.org/tiki-read_article.php?articleId=66"
},
{
"name": "tikiwiki-tikimap-file-disclosure(15848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15848"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080117 RE: Skype videomood XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"name" : "20080117 Re: Skype videomood XSS",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name" : "20080117 Skype videomood XSS",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"name" : "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx",
"refsource" : "MISC",
"url" : "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name" : "http://www.critical.lt/?opinions/show/1470",
"refsource" : "MISC",
"url" : "http://www.critical.lt/?opinions/show/1470"
},
{
"name" : "http://www.gnucitizen.org/blog/vulnerabilities-in-skype",
"refsource" : "MISC",
"url" : "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"name" : "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html",
"refsource" : "CONFIRM",
"url" : "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name" : "http://skype.com/security/skype-sb-2008-001-update1.html",
"refsource" : "CONFIRM",
"url" : "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"name" : "http://skype.com/security/skype-sb-2008-001.html",
"refsource" : "CONFIRM",
"url" : "http://skype.com/security/skype-sb-2008-001.html"
},
{
"name" : "VU#248184",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/248184"
},
{
"name" : "27338",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27338"
},
{
"name" : "ADV-2008-0194",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0194"
},
{
"name" : "skype-addvideotochat-code-execution(39754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the \"Add video to chat\" dialog, aka \"videomood XSS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "skype-addvideotochat-code-execution(39754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39754"
},
{
"name": "20080117 Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0337.html"
},
{
"name": "http://www.critical.lt/?opinions/show/1470",
"refsource": "MISC",
"url": "http://www.critical.lt/?opinions/show/1470"
},
{
"name": "20080117 RE: Skype videomood XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486512/100/0/threaded"
},
{
"name": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx"
},
{
"name": "20080117 Re: Skype videomood XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0363.html"
},
{
"name": "27338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27338"
},
{
"name": "VU#248184",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248184"
},
{
"name": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/vulnerabilities-in-skype"
},
{
"name": "http://skype.com/security/skype-sb-2008-001-update1.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001-update1.html"
},
{
"name": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html",
"refsource": "CONFIRM",
"url": "http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html"
},
{
"name": "ADV-2008-0194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0194"
},
{
"name": "http://skype.com/security/skype-sb-2008-001.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2008-001.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=433719",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=433719"
},
{
"name" : "FEDORA-2008-1963",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00825.html"
},
{
"name" : "FEDORA-2008-1986",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00841.html"
},
{
"name" : "27848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27848"
},
{
"name" : "29009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29009"
},
{
"name" : "29113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29113"
},
{
"name": "29009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29009"
},
{
"name": "27848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27848"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382"
},
{
"name": "FEDORA-2008-1963",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00825.html"
},
{
"name": "FEDORA-2008-1986",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00841.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=433719",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433719"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka \"SPN Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS08-076",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076"
},
{
"name" : "TA08-344A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name" : "32653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32653"
},
{
"name" : "oval:org.mitre.oval:def:5942",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942"
},
{
"name" : "33058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33058"
},
{
"name" : "ADV-2008-3388",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3388"
},
{
"name" : "1021372",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021372"
},
{
"name" : "1021373",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka \"SPN Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32653"
},
{
"name": "1021372",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021372"
},
{
"name": "oval:org.mitre.oval:def:5942",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5942"
},
{
"name": "TA08-344A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name": "33058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33058"
},
{
"name": "ADV-2008-3388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3388"
},
{
"name": "1021373",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021373"
},
{
"name": "MS08-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080719 Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=121665294304071&w=2"
},
{
"name" : "30328",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30328"
},
{
"name" : "31192",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31192"
},
{
"name" : "4049",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4049"
},
{
"name" : "easyecards-index-xss(43923)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30328"
},
{
"name": "31192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31192"
},
{
"name": "4049",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4049"
},
{
"name": "easyecards-index-xss(43923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43923"
},
{
"name": "20080719 Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121665294304071&w=2"
}
]
}
}


@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080829 CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/29/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7"
},
{
"name" : "DSA-1655",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1655"
},
{
"name" : "DSA-1653",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1653"
},
{
"name" : "FEDORA-2008-8929",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html"
},
{
"name" : "FEDORA-2008-8980",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html"
},
{
"name" : "MDVSA-2008:223",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:223"
},
{
"name" : "MDVSA-2008:220",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:220"
},
{
"name" : "RHSA-2008:0973",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
},
{
"name" : "RHSA-2008:0787",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
},
{
"name" : "SUSE-SA:2008:053",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
},
{
"name" : "SUSE-SR:2008:025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name" : "SUSE-SA:2008:047",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
},
{
"name" : "SUSE-SA:2008:049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
},
{
"name" : "SUSE-SA:2008:051",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
},
{
"name" : "SUSE-SA:2008:052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"name" : "USN-659-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-659-1"
},
{
"name" : "oval:org.mitre.oval:def:5671",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5671"
},
{
"name" : "oval:org.mitre.oval:def:9364",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9364"
},
{
"name" : "32315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32315"
},
{
"name" : "32356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32356"
},
{
"name" : "32370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32370"
},
{
"name" : "ADV-2008-2511",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2511"
},
{
"name" : "ADV-2008-2714",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2714"
},
{
"name" : "1020969",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020969"
},
{
"name" : "32393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32393"
},
{
"name" : "32386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32386"
},
{
"name" : "32759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32759"
},
{
"name" : "33201",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33201"
},
{
"name" : "32103",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32103"
},
{
"name" : "33280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33280"
},
{
"name" : "32237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2008:047",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e"
},
{
"name": "ADV-2008-2714",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2714"
},
{
"name": "DSA-1655",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1655"
},
{
"name": "32393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32393"
},
{
"name": "32237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32237"
},
{
"name": "[oss-security] 20080829 CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/29/2"
},
{
"name": "MDVSA-2008:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:223"
},
{
"name": "SUSE-SA:2008:052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7"
},
{
"name": "USN-659-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-659-1"
},
{
"name": "SUSE-SA:2008:053",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
},
{
"name": "FEDORA-2008-8929",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html"
},
{
"name": "32103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32103"
},
{
"name": "33280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33280"
},
{
"name": "DSA-1653",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1653"
},
{
"name": "32356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32356"
},
{
"name": "32759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32759"
},
{
"name": "MDVSA-2008:220",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:220"
},
{
"name": "1020969",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020969"
},
{
"name": "ADV-2008-2511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2511"
},
{
"name": "32370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32370"
},
{
"name": "RHSA-2008:0973",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html"
},
{
"name": "RHSA-2008:0787",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html"
},
{
"name": "SUSE-SA:2008:051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html"
},
{
"name": "32386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32386"
},
{
"name": "FEDORA-2008-8980",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html"
},
{
"name": "oval:org.mitre.oval:def:9364",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9364"
},
{
"name": "SUSE-SA:2008:049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:5671",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5671"
},
{
"name": "33201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33201"
},
{
"name": "32315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32315"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6940",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6940"
},
{
"name" : "http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt"
},
{
"name" : "30767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30767"
},
{
"name" : "ADV-2008-2985",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2985"
},
{
"name" : "31547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31547"
},
{
"name" : "shorturlurltrackerscript-tr-sql-injection(44561)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt"
},
{
"name": "ADV-2008-2985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2985"
},
{
"name": "30767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30767"
},
{
"name": "6940",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6940"
},
{
"name": "31547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31547"
},
{
"name": "shorturlurltrackerscript-tr-sql-injection(44561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44561"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[libgadu-devel] 20081024 libgadu 1.8.2",
"refsource" : "MLIST",
"url" : "http://lists.ziew.org/pipermail/libgadu-devel/2008-October/000331.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=468830",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=468830"
},
{
"name" : "DSA-1664",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1664"
},
{
"name" : "SUSE-SR:2008:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
},
{
"name" : "USN-692-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-692-1"
},
{
"name" : "31951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31951"
},
{
"name" : "libgadu-contactdescription-bo(46158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libgadu-devel] 20081024 libgadu 1.8.2",
"refsource": "MLIST",
"url": "http://lists.ziew.org/pipermail/libgadu-devel/2008-October/000331.html"
},
{
"name": "DSA-1664",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1664"
},
{
"name": "SUSE-SR:2008:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
},
{
"name": "USN-692-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-692-1"
},
{
"name": "31951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31951"
},
{
"name": "libgadu-contactdescription-bo(46158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46158"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=468830",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=468830"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka \"php executed in templates;\" and (2) a double quoted literal string, aka a \"function injection security hole.\" NOTE: each vector affects slightly different SVN revisions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081025 Regarding SA32329 (Smarty \"_expand_quoted_text()\" Security Bypass)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/25/2"
},
{
"name" : "http://securityvulns.ru/Udocument746.html",
"refsource" : "MISC",
"url" : "http://securityvulns.ru/Udocument746.html"
},
{
"name" : "http://code.google.com/p/smarty-php/source/detail?r=2784&path=/trunk/libs/Smarty_Compiler.class.php",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/smarty-php/source/detail?r=2784&path=/trunk/libs/Smarty_Compiler.class.php"
},
{
"name" : "http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php"
},
{
"name" : "http://smarty-php.googlecode.com/svn/trunk/NEWS",
"refsource" : "CONFIRM",
"url" : "http://smarty-php.googlecode.com/svn/trunk/NEWS"
},
{
"name" : "https://bugs.gentoo.org/attachment.cgi?id=169804&action=view",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/attachment.cgi?id=169804&action=view"
},
{
"name" : "DSA-1691",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1691"
},
{
"name" : "31862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31862"
},
{
"name" : "32329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32329"
},
{
"name" : "smarty-expandquotedtext-code-execution(46031)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka \"php executed in templates;\" and (2) a double quoted literal string, aka a \"function injection security hole.\" NOTE: each vector affects slightly different SVN revisions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32329"
},
{
"name": "31862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31862"
},
{
"name": "smarty-expandquotedtext-code-execution(46031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46031"
},
{
"name": "DSA-1691",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1691"
},
{
"name": "http://code.google.com/p/smarty-php/source/detail?r=2784&path=/trunk/libs/Smarty_Compiler.class.php",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/smarty-php/source/detail?r=2784&path=/trunk/libs/Smarty_Compiler.class.php"
},
{
"name": "http://securityvulns.ru/Udocument746.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Udocument746.html"
},
{
"name": "https://bugs.gentoo.org/attachment.cgi?id=169804&action=view",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/attachment.cgi?id=169804&action=view"
},
{
"name": "http://smarty-php.googlecode.com/svn/trunk/NEWS",
"refsource": "CONFIRM",
"url": "http://smarty-php.googlecode.com/svn/trunk/NEWS"
},
{
"name": "http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php"
},
{
"name": "[oss-security] 20081025 Regarding SA32329 (Smarty \"_expand_quoted_text()\" Security Bypass)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/25/2"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.f-secure.com/security/fsc-2008-3.shtml",
"refsource" : "CONFIRM",
"url" : "http://www.f-secure.com/security/fsc-2008-3.shtml"
},
{
"name" : "31846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31846"
},
{
"name" : "ADV-2008-2874",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2874"
},
{
"name" : "1021073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021073"
},
{
"name" : "32352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32352"
},
{
"name" : "fsecure-multipleproducts-rpm-bo(46016)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31846"
},
{
"name": "1021073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021073"
},
{
"name": "http://www.f-secure.com/security/fsc-2008-3.shtml",
"refsource": "CONFIRM",
"url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
},
{
"name": "32352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32352"
},
{
"name": "ADV-2008-2874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2874"
},
{
"name": "fsecure-multipleproducts-rpm-bo(46016)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the \"double click selector bug\"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to \"change permissions\" and the \"new UI.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=82533&release_id=596220",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=82533&release_id=596220"
},
{
"name" : "29022",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29022"
},
{
"name" : "30041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30041"
},
{
"name" : "asm-unspecified-security-bypass(42139)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the \"double click selector bug\"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to \"change permissions\" and the \"new UI.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asm-unspecified-security-bypass(42139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42139"
},
{
"name": "30041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30041"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=82533&release_id=596220",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=82533&release_id=596220"
},
{
"name": "29022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29022"
}
]
}
}
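Review bot: The `reference_data` array in this CVE-2008-6109 section holds the same four entries on both sides, only in a different order (XF, SECUNIA, CONFIRM, BID on the side written with `"key": value` separators, which I take to be the new one). Together with the separator change, that rewrites all 77 lines although no value changes. I would have the export emit references in a deterministic order, for example sorted by `refsource` and then `name`, and land the whitespace normalisation as its own commit. The same churn hides a real change in the later sections for CVE-2013-2145, CVE-2013-2208, CVE-2013-2222, CVE-2013-2436 and CVE-2013-2959, where `ASSIGNER` moves from `cve@mitre.org` to a CNA address such as `secalert@redhat.com`. Anyone checking this feed for unexpected edits cannot pick that out without a key-order-insensitive comparison.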


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7346",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7346"
},
{
"name" : "32655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32655"
},
{
"name" : "33019",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33019"
},
{
"name" : "multiplemembership-sitepage-sql-injection(47094)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33019"
},
{
"name": "7346",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7346"
},
{
"name": "multiplemembership-sitepage-sql-injection(47094)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47094"
},
{
"name": "32655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32655"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7304",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7304",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130605 CVE-2013-2145: perl Module::Signature code execution vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/05/16"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=971096",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=971096"
},
{
"name" : "https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2",
"refsource" : "CONFIRM",
"url" : "https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2"
},
{
"name" : "https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896",
"refsource" : "CONFIRM",
"url" : "https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896"
},
{
"name" : "openSUSE-SU-2013:1178",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00039.html"
},
{
"name" : "openSUSE-SU-2013:1185",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00043.html"
},
{
"name" : "USN-1896-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1896-1"
},
{
"name" : "60352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1185",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00043.html"
},
{
"name": "60352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60352"
},
{
"name": "openSUSE-SU-2013:1178",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00039.html"
},
{
"name": "[oss-security] 20130605 CVE-2013-2145: perl Module::Signature code execution vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/05/16"
},
{
"name": "USN-1896-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1896-1"
},
{
"name": "https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896",
"refsource": "CONFIRM",
"url": "https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971096",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971096"
},
{
"name": "https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2",
"refsource": "CONFIRM",
"url": "https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130621 Re: CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/21/4"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644"
},
{
"name" : "https://github.com/akrennmair/tpp/pull/2",
"refsource" : "MISC",
"url" : "https://github.com/akrennmair/tpp/pull/2"
},
{
"name" : "GLSA-201309-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-19.xml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130621 Re: CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/21/4"
},
{
"name": "GLSA-201309-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-19.xml"
},
{
"name": "https://github.com/akrennmair/tpp/pull/2",
"refsource": "MISC",
"url": "https://github.com/akrennmair/tpp/pull/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q2/638"
},
{
"name" : "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html",
"refsource" : "MISC",
"url" : "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html"
},
{
"name" : "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637",
"refsource" : "CONFIRM",
"url" : "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637"
},
{
"name" : "GLSA-201309-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-13.xml"
},
{
"name" : "openSUSE-SU-2013:1599",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html"
},
{
"name" : "openSUSE-SU-2013:1600",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html"
},
{
"name" : "53818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53818"
},
{
"name" : "54998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54998"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1600",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html"
},
{
"name": "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637",
"refsource": "CONFIRM",
"url": "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637"
},
{
"name": "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html",
"refsource": "MISC",
"url": "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html"
},
{
"name": "54998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54998"
},
{
"name": "openSUSE-SU-2013:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html"
},
{
"name": "GLSA-201309-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-13.xml"
},
{
"name": "[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/638"
},
{
"name": "53818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53818"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"type checks\" and \"method handle binding\" involving Wrapper.convert."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/20f287fec09f",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/20f287fec09f"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952550",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952550"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "MDVSA-2013:161",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name" : "RHSA-2013:0752",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name" : "RHSA-2013:0757",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name" : "openSUSE-SU-2013:0964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name" : "USN-1806-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name" : "TA13-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name" : "oval:org.mitre.oval:def:16540",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"type checks\" and \"method handle binding\" involving Wrapper.convert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/20f287fec09f",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/20f287fec09f"
},
{
"name": "MDVSA-2013:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"name": "openSUSE-SU-2013:0964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name": "RHSA-2013:0752",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952550",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952550"
},
{
"name": "USN-1806-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name": "oval:org.mitre.oval:def:16540",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16540"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2497",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2497",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf",
"refsource" : "MISC",
"url" : "http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf"
},
{
"name" : "https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf",
"refsource" : "MISC",
"url" : "https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf"
},
{
"name" : "96918",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/96918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf",
"refsource": "MISC",
"url": "http://www.riskbasedsecurity.com/reports/RBS-GameHouseAnalysis-Sept2013.pdf"
},
{
"name": "https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf",
"refsource": "MISC",
"url": "https://www.riskbasedsecurity.com/research/RBS-2013-005.pdf"
},
{
"name": "96918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/96918"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2959",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637444",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637444"
},
{
"name" : "ibm-optim-cve20132959-info-disclosure(83668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637444",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637444"
},
{
"name": "ibm-optim-cve20132959-info-disclosure(83668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83668"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6270",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6270",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1042677",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"
},
{
"name" : "RHSA-2013:1863",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1863.html"
},
{
"name" : "candlepin-redhat-cve20136439-unspecified(90134)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1042677"
},
{
"name": "RHSA-2013:1863",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1863.html"
},
{
"name": "candlepin-redhat-cve20136439-unspecified(90134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90134"
}
]
}
}
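Review bot: The `ASSIGNER` value in this record appears to change from `cve@mitre.org` to `secalert@redhat.com`, and it looks like the only substantive edit in a section that otherwise just rewrites `" : "` as `": "`. The page has lost its `+`/`-` markers, so the direction is inferred from the old-style spacing on the first printing. A provenance change like this is easy to miss inside a commit of several thousand formatting-only lines, so it would be better carried in its own commit, or at least named in the commit message. Consumers that use `ASSIGNER` to attribute a record to a CNA should treat this as a data change, not a reformat.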


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131119 pineapp mailsecure pwnage",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131119 pineapp mailsecure pwnage",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7165",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7165",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}


@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131231 Re: CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/12/31/7"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039845",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039845"
},
{
"name" : "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c"
},
{
"name" : "USN-2113-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2113-1"
},
{
"name" : "USN-2117-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2117-1"
},
{
"name" : "USN-2109-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"name" : "USN-2110-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"name" : "USN-2128-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2128-1"
},
{
"name" : "USN-2129-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2129-1"
},
{
"name" : "USN-2135-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2135-1"
},
{
"name" : "USN-2136-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2136-1"
},
{
"name" : "USN-2138-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2138-1"
},
{
"name" : "USN-2139-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2139-1"
},
{
"name" : "USN-2141-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2141-1"
},
{
"name" : "64742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64742"
},
{
"name" : "55882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55882"
},
{
"name" : "56036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56036"
},
{
"name" : "linux-kernel-cve20137269-info-disc(90130)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90130"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2135-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2135-1"
},
{
"name": "USN-2138-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2138-1"
},
{
"name": "USN-2113-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2113-1"
},
{
"name": "USN-2141-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2141-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039845",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039845"
},
{
"name": "USN-2110-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"name": "USN-2129-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2129-1"
},
{
"name": "USN-2136-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2136-1"
},
{
"name": "USN-2128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2128-1"
},
{
"name": "USN-2139-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2139-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4"
},
{
"name": "USN-2117-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2117-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3d3342602f8bcbf37d7c46641cb9bca7618eb1c"
},
{
"name": "56036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56036"
},
{
"name": "USN-2109-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"name": "[oss-security] 20131231 Re: CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/31/7"
},
{
"name": "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c"
},
{
"name": "64742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64742"
},
{
"name": "linux-kernel-cve20137269-info-disc(90130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90130"
},
{
"name": "55882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55882"
}
]
}
}
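Review bot: The `reference_data` array is emitted in a different order although it holds the same 20 entries, so the reformat produces ordering churn on top of the spacing change. The same reshuffle shows in the CVE-2017-10072, CVE-2017-14174 and CVE-2017-15289 sections. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later syncs reviewable. It would also make a genuinely added or dropped advisory link stand out instead of being buried in reordering noise.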


@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Universal Banking",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.3.0"
},
{
"version_affected" : "=",
"version_value" : "11.4.0"
},
{
"version_affected" : "=",
"version_value" : "12.0.1"
},
{
"version_affected" : "=",
"version_value" : "12.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.0.3"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.3.0"
},
{
"version_affected": "=",
"version_value": "11.4.0"
},
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.2"
},
{
"version_affected": "=",
"version_value": "12.0.3"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.2.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99860"
},
{
"name" : "1038934",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038934",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038934"
},
{
"name": "99860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99860"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10433",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10433",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PTW-WMS1",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 2.000.012"
}
]
}
}
]
},
"vendor_name" : "Princeton Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTW-WMS1",
"version": {
"version_data": [
{
"version_value": "firmware version 2.000.012"
}
]
}
}
]
},
"vendor_name": "Princeton Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#98295787",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN98295787/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#98295787",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN98295787/index.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"length\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/714",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/714"
},
{
"name" : "GLSA-201711-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-07"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large \"length\" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/714",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/714"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity",
"refsource" : "MISC",
"url" : "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity",
"refsource": "MISC",
"url": "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tiferrei.com/philips-we-need-to-talk",
"refsource" : "MISC",
"url" : "https://www.tiferrei.com/philips-we-need-to-talk"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tiferrei.com/philips-we-need-to-talk",
"refsource": "MISC",
"url": "https://www.tiferrei.com/philips-we-need-to-talk"
}
]
}
}


@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/10/12/16"
},
{
"name" : "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
},
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1501290",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
},
{
"name" : "DSA-4213",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4213"
},
{
"name" : "RHSA-2017:3368",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name" : "RHSA-2017:3369",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3369"
},
{
"name" : "RHSA-2017:3466",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name" : "RHSA-2017:3470",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name" : "RHSA-2017:3471",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name" : "RHSA-2017:3472",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name" : "RHSA-2017:3473",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name" : "RHSA-2017:3474",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name" : "RHSA-2018:0516",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0516"
},
{
"name" : "USN-3575-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3575-1/"
},
{
"name" : "101262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0516",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0516"
},
{
"name": "RHSA-2017:3473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "101262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101262"
},
{
"name": "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
},
{
"name": "RHSA-2017:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
},
{
"name": "RHSA-2017:3466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
},
{
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource" : "MISC",
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15756",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15756",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15756"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22205",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22205"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9",
"refsource" : "MISC",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9"
},
{
"name" : "GLSA-201801-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-01"
},
{
"name" : "101613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201801-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-01"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22205",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22205"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9"
},
{
"name": "101613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101613"
},
{
"name": "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in autotrace.c:191:2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in autotrace.c:191:2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a"
},
{
"name" : "https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a"
},
{
"name" : "https://patchwork.ozlabs.org/patch/764880/",
"refsource" : "CONFIRM",
"url" : "https://patchwork.ozlabs.org/patch/764880/"
},
{
"name" : "DSA-3886",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3886"
},
{
"name" : "RHSA-2017:1842",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name" : "RHSA-2017:2077",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name" : "98731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98731"
},
{
"name": "https://patchwork.ozlabs.org/patch/764880/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/764880/"
},
{
"name": "https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43147",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43147/"
},
{
"name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf",
"refsource" : "CONFIRM",
"url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf"
},
{
"name" : "99084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99084"
},
{
"name": "43147",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43147/"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-605L/REVB/DIR-605L_REVB_RELEASE_NOTES_v2.08UIBETAB01_EN.pdf"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42199",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42199/"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21580",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21580"
},
{
"name" : "GLSA-201801-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-01"
},
{
"name" : "99117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42199",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42199/"
},
{
"name": "GLSA-201801-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-01"
},
{
"name": "99117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99117"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21580",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21580"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9817",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9817",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Unified Communications Domain Manager",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Unified Communications Domain Manager"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-320"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Domain Manager",
"version": {
"version_data": [
{
"version_value": "Cisco Unified Communications Domain Manager"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm"
},
{
"name" : "103114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103114"
},
{
"name" : "1040405",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-320"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103114"
},
{
"name": "1040405",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040405"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Secure Access Control Server",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Secure Access Control Server"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Secure Access Control Server",
"version": {
"version_data": [
{
"version_value": "Cisco Secure Access Control Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs"
},
{
"name" : "103343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103343"
},
{
"name" : "1040470",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs"
},
{
"name": "1040470",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040470"
},
{
"name": "103343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103343"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco StarOS IPsec Manager",
"version" : {
"version_data" : [
{
"version_value" : "Cisco StarOS IPsec Manager"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco StarOS IPsec Manager",
"version": {
"version_data": [
{
"version_value": "Cisco StarOS IPsec Manager"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
},
{
"name" : "103935",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103935"
},
{
"name" : "1040721",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr"
},
{
"name": "103935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103935"
},
{
"name": "1040721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040721"
}
]
}
}


@ -1,215 +1,215 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-0986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Defender",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows 8.1 for 32-bit systems"
},
{
"version_value" : "Windows 8.1 for x64-based systems"
},
{
"version_value" : "Windows RT 8.1"
},
{
"version_value" : "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value" : "Windows Server 2012"
},
{
"version_value" : "Windows Server 2012 (Server Core installation)"
},
{
"version_value" : "Windows Server 2012 R2"
},
{
"version_value" : "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value" : "Windows Server 2016"
},
{
"version_value" : "Windows Server 2016 (Server Core installation)"
},
{
"version_value" : "Windows Server, version 1709 (Server Core Installation)"
}
]
}
},
{
"product_name" : "Windows Intune Endpoint Protection",
"version" : {
"version_data" : [
{
"version_value" : "Windows Intune Endpoint Protection"
}
]
}
},
{
"product_name" : "Microsoft Security Essentials",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Security Essentials"
}
]
}
},
{
"product_name" : "Microsoft System Center Endpoint Protection",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft System Center Endpoint Protection"
}
]
}
},
{
"product_name" : "Microsoft Exchange Server",
"version" : {
"version_data" : [
{
"version_value" : "2013"
},
{
"version_value" : "2016"
}
]
}
},
{
"product_name" : "Microsoft System Center",
"version" : {
"version_data" : [
{
"version_value" : "2012 Endpoint Protection"
},
{
"version_value" : "2012 R2 Endpoint Protection"
}
]
}
},
{
"product_name" : "Microsoft Forefront Endpoint Protection",
"version" : {
"version_data" : [
{
"version_value" : "2010"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Defender",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "Windows Server 2012"
},
{
"version_value": "Windows Server 2012 (Server Core installation)"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2016 (Server Core installation)"
},
{
"version_value": "Windows Server, version 1709 (Server Core Installation)"
}
]
}
},
{
"product_name": "Windows Intune Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "Windows Intune Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Security Essentials",
"version": {
"version_data": [
{
"version_value": "Microsoft Security Essentials"
}
]
}
},
{
"product_name": "Microsoft System Center Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "Microsoft System Center Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "2013"
},
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft System Center",
"version": {
"version_data": [
{
"version_value": "2012 Endpoint Protection"
},
{
"version_value": "2012 R2 Endpoint Protection"
}
]
}
},
{
"product_name": "Microsoft Forefront Endpoint Protection",
"version": {
"version_data": [
{
"version_value": "2010"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44402",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44402/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"name" : "103593",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103593"
},
{
"name" : "1040631",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\" This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040631"
},
{
"name": "103593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103593"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986"
},
{
"name": "44402",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44402/"
}
]
}
}


@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-10T20:50:24.882222",
"DATE_REQUESTED" : "2018-07-09T16:32:07",
"ID" : "CVE-2018-1000207",
"REQUESTER" : "security@agel-nash.ru",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MODX Revolution",
"version" : {
"version_data" : [
{
"version_value" : "<=2.6.4"
}
]
}
}
]
},
"vendor_name" : "MODX Revolution"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-10T20:50:24.882222",
"DATE_REQUESTED": "2018-07-09T16:32:07",
"ID": "CVE-2018-1000207",
"REQUESTER": "security@agel-nash.ru",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/a2u/CVE-2018-1000207",
"refsource" : "MISC",
"url" : "https://github.com/a2u/CVE-2018-1000207"
},
{
"name" : "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4",
"refsource" : "MISC",
"url" : "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"
},
{
"name" : "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68",
"refsource" : "CONFIRM",
"url" : "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68"
},
{
"name" : "https://github.com/modxcms/revolution/pull/13979",
"refsource" : "CONFIRM",
"url" : "https://github.com/modxcms/revolution/pull/13979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4",
"refsource": "MISC",
"url": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"
},
{
"name": "https://github.com/modxcms/revolution/pull/13979",
"refsource": "CONFIRM",
"url": "https://github.com/modxcms/revolution/pull/13979"
},
{
"name": "https://github.com/a2u/CVE-2018-1000207",
"refsource": "MISC",
"url": "https://github.com/a2u/CVE-2018-1000207"
},
{
"name": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68",
"refsource": "CONFIRM",
"url": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68"
}
]
}
}
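Review bot: Structured affected-product and problem-type data is lost on the new side of this record: `product_name` "MODX Revolution", `vendor_name` "MODX Revolution", `version_value` "<=2.6.4" and the `problemtype` value "Incorrect Access Control" all become `"n/a"`, so the product, version range and weakness class now survive only in the free-text `description`. Any consumer that matches on the `affects` tree or filters by `problemtype` would stop associating CVE-2018-1000207 with MODX Revolution. The CVE-2018-1000839 record that follows loses "LH-EHR", "REL-2_0_0" and "Arbitrary File Upload" in the same way. If the synchronization source simply lacks these fields, the existing values should be kept rather than overwritten, e.g. `"product_name": "MODX Revolution"` and `"version_value": "<=2.6.4"`. Both records also change `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`, which is worth confirming as intended.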


@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.475758",
"DATE_REQUESTED" : "2018-09-03T02:38:48",
"ID" : "CVE-2018-1000839",
"REQUESTER" : "cam@0dd.zone",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LH-EHR",
"version" : {
"version_data" : [
{
"version_value" : "REL-2_0_0"
}
]
}
}
]
},
"vendor_name" : "LH-EHR"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary File Upload"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.475758",
"DATE_REQUESTED": "2018-09-03T02:38:48",
"ID": "CVE-2018-1000839",
"REQUESTER": "cam@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/",
"refsource" : "MISC",
"url" : "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/"
},
{
"name" : "https://github.com/LibreHealthIO/lh-ehr/issues/1223",
"refsource" : "MISC",
"url" : "https://github.com/LibreHealthIO/lh-ehr/issues/1223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1223",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1223"
},
{
"name": "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16227",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16227",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DEISER \"Profields - Project Custom Fields\" app before 6.0.2 for Jira has Incorrect Access Control."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://marketplace.atlassian.com/apps/1210816/profields-project-custom-fields/version-history",
"refsource" : "CONFIRM",
"url" : "https://marketplace.atlassian.com/apps/1210816/profields-project-custom-fields/version-history"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DEISER \"Profields - Project Custom Fields\" app before 6.0.2 for Jira has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://marketplace.atlassian.com/apps/1210816/profields-project-custom-fields/version-history",
"refsource": "CONFIRM",
"url": "https://marketplace.atlassian.com/apps/1210816/profields-project-custom-fields/version-history"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16451",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16451",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19292",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19292",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19526",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19526",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19948",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19948",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19996",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19996",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208693",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208693"
},
{
"name" : "https://support.apple.com/HT208694",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208694"
},
{
"name" : "https://support.apple.com/HT208695",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208695"
},
{
"name" : "https://support.apple.com/HT208697",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208697"
},
{
"name" : "https://support.apple.com/HT208698",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208698"
},
{
"name" : "GLSA-201808-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201808-04"
},
{
"name" : "USN-3635-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3635-1/"
},
{
"name" : "1040604",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040604"
},
{
"name": "https://support.apple.com/HT208698",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208698"
},
{
"name": "GLSA-201808-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name": "https://support.apple.com/HT208693",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208693"
},
{
"name": "https://support.apple.com/HT208694",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208694"
},
{
"name": "https://support.apple.com/HT208697",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208697"
},
{
"name": "USN-3635-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3635-1/"
},
{
"name": "https://support.apple.com/HT208695",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208695"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4478",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4478",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4812",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4812",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Connect 9.7 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Connect 9.7 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Connect 9.7 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Connect 9.7 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/connect/apsb18-06.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/connect/apsb18-06.html"
},
{
"name" : "103391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103391"
},
{
"name" : "1040523",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040523"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040523",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040523"
},
{
"name": "https://helpx.adobe.com/security/products/connect/apsb18-06.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/connect/apsb18-06.html"
},
{
"name": "103391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103391"
}
]
}
}
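Review bot: On the new side `vendor_name` is still `"n/a"`, and the version range is folded into both `product_name` and `version_value` ("Adobe Connect 9.7 and earlier"), so this entry remains hard to match by vendor, product or version in automated tooling. Since every line of the record is rewritten anyway, the fields could be split, presumably as `"vendor_name": "Adobe"`, `"product_name": "Adobe Connect"`, `"version_value": "9.7 and earlier"` (vendor inferred from the `psirt@adobe.com` assigner and the description). The visible part of the CVE-2018-4952 record that follows has the same shape for Acrobat and Reader.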


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104169"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104169"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}