admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:48:33 +00:00
parent ccf35b6d1a
commit 8184b9eab4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3053 additions and 3053 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2004/1xxx/CVE-2004-1592.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041012 [hackgen-2004-#002] - Remote file inclusion bug in ocPortal 1.0.3.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109763314312828&w=2"
},
{
"name" : "http://www.hackgen.org/advisories/hackgen-2004-002.txt",
"refsource" : "MISC",
"url" : "http://www.hackgen.org/advisories/hackgen-2004-002.txt"
},
{
"name" : "11368",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11368"
},
{
"name" : "12811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12811/"
},
{
"name" : "ocportal-reqpath-file-include(17699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17699"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12811/"
},
{
"name": "ocportal-reqpath-file-include(17699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17699"
},
{
"name": "http://www.hackgen.org/advisories/hackgen-2004-002.txt",
"refsource": "MISC",
"url": "http://www.hackgen.org/advisories/hackgen-2004-002.txt"
},
{
"name": "11368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11368"
},
{
"name": "20041012 [hackgen-2004-#002] - Remote file inclusion bug in ocPortal 1.0.3.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109763314312828&w=2"
}
]
}
}

190
2008/0xxx/CVE-2008-0388.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080216 WordPress forumaction (PAGE_id)(user)SQL Injectio",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0272.html"
},
{
"name" : "4939",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4939"
},
{
"name" : "http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/",
"refsource" : "CONFIRM",
"url" : "http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/"
},
{
"name" : "27362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27362"
},
{
"name" : "52211",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52211"
},
{
"name" : "ADV-2008-0235",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0235"
},
{
"name" : "28567",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28567"
},
{
"name" : "wpforum-index-sql-injection(39800)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52211",
"refsource": "OSVDB",
"url": "http://osvdb.org/52211"
},
{
"name": "28567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28567"
},
{
"name": "ADV-2008-0235",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0235"
},
{
"name": "wpforum-index-sql-injection(39800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39800"
},
{
"name": "20080216 WordPress forumaction (PAGE_id)(user)SQL Injectio",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0272.html"
},
{
"name": "4939",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4939"
},
{
"name": "27362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27362"
},
{
"name": "http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/",
"refsource": "CONFIRM",
"url": "http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/"
}
]
}
}

150
2008/0xxx/CVE-2008-0514.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5010",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5010"
},
{
"name" : "27505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27505"
},
{
"name" : "ADV-2008-0357",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0357"
},
{
"name" : "glossary-index-sql-injection(40038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0357",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0357"
},
{
"name": "5010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5010"
},
{
"name": "glossary-index-sql-injection(40038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40038"
},
{
"name": "27505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27505"
}
]
}
}

170
2008/0xxx/CVE-2008-0741.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name" : "PK52709",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK52709&uid=swg1PK58871&loc=en_US&cs=utf-8&lang="
},
{
"name" : "27400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27400"
},
{
"name" : "ADV-2008-0241",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0241"
},
{
"name" : "1019254",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019254"
},
{
"name" : "28588",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28588"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019254",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019254"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name": "27400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27400"
},
{
"name": "ADV-2008-0241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0241"
},
{
"name": "28588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28588"
},
{
"name": "PK52709",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK52709&uid=swg1PK58871&loc=en_US&cs=utf-8&lang="
}
]
}
}

200
2008/3xxx/CVE-2008-3155.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080704 Panda ActiveScan 2.0 remote code execution",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name" : "20080705 Panda ActiveScan 2.0 remote code execution",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name" : "6004",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6004"
},
{
"name" : "http://karol.wiesek.pl/files/panda.tgz",
"refsource" : "MISC",
"url" : "http://karol.wiesek.pl/files/panda.tgz"
},
{
"name" : "30086",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30086"
},
{
"name" : "ADV-2008-2008",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name" : "1020432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020432"
},
{
"name" : "30841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30841"
},
{
"name" : "panda-activescan-bo(43588)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "panda-activescan-bo(43588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43588"
},
{
"name": "ADV-2008-2008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2008/references"
},
{
"name": "30086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30086"
},
{
"name": "6004",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6004"
},
{
"name": "20080705 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063061.html"
},
{
"name": "30841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30841"
},
{
"name": "20080704 Panda ActiveScan 2.0 remote code execution",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063068.html"
},
{
"name": "1020432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020432"
},
{
"name": "http://karol.wiesek.pl/files/panda.tgz",
"refsource": "MISC",
"url": "http://karol.wiesek.pl/files/panda.tgz"
}
]
}
}

320
2008/3xxx/CVE-2008-3276.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080815 CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/15/3"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459226",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459226"
},
{
"name" : "DSA-1636",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1636"
},
{
"name" : "DSA-1653",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1653"
},
{
"name" : "RHSA-2008:0857",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
},
{
"name" : "RHSA-2008:0957",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
},
{
"name" : "SUSE-SA:2008:052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"name" : "USN-659-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-659-1"
},
{
"name" : "30704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30704"
},
{
"name" : "oval:org.mitre.oval:def:11506",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11506"
},
{
"name" : "32370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32370"
},
{
"name" : "ADV-2008-2406",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2406"
},
{
"name" : "1020705",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020705"
},
{
"name" : "31509",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31509"
},
{
"name" : "31881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31881"
},
{
"name" : "32190",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32190"
},
{
"name" : "31836",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31836"
},
{
"name" : "32393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32393"
},
{
"name" : "32485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32485"
},
{
"name" : "32237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32485"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459226",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459226"
},
{
"name": "oval:org.mitre.oval:def:11506",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11506"
},
{
"name": "32190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32190"
},
{
"name": "[oss-security] 20080815 CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/15/3"
},
{
"name": "32393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32393"
},
{
"name": "DSA-1636",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1636"
},
{
"name": "32237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32237"
},
{
"name": "30704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30704"
},
{
"name": "RHSA-2008:0957",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
},
{
"name": "31509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31509"
},
{
"name": "31881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31881"
},
{
"name": "SUSE-SA:2008:052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html"
},
{
"name": "USN-659-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-659-1"
},
{
"name": "ADV-2008-2406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2406"
},
{
"name": "RHSA-2008:0857",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
},
{
"name": "DSA-1653",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1653"
},
{
"name": "1020705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020705"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=3e8a0a559c66ee9e7468195691a56fefc3589740"
},
{
"name": "32370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32370"
},
{
"name": "31836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31836"
}
]
}
}

34
2008/3xxx/CVE-2008-3461.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3461",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-3461",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}

170
2008/3xxx/CVE-2008-3567.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html",
"refsource" : "MISC",
"url" : "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
},
{
"name" : "http://forums.winamp.com/showthread.php?threadid=295505",
"refsource" : "CONFIRM",
"url" : "http://forums.winamp.com/showthread.php?threadid=295505"
},
{
"name" : "30539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30539"
},
{
"name" : "oval:org.mitre.oval:def:15716",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
},
{
"name" : "31371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31371"
},
{
"name" : "winamp-nowplaying-unspecified(44207)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15716",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
},
{
"name": "winamp-nowplaying-unspecified(44207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
},
{
"name": "http://forums.winamp.com/showthread.php?threadid=295505",
"refsource": "CONFIRM",
"url": "http://forums.winamp.com/showthread.php?threadid=295505"
},
{
"name": "31371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31371"
},
{
"name": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html",
"refsource": "MISC",
"url": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
},
{
"name": "30539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30539"
}
]
}
}

34
2008/4xxx/CVE-2008-4565.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4565",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4565",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2008/4xxx/CVE-2008-4875.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080214 Philips VOIP841 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488127/100/200/threaded"
},
{
"name" : "5113",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5113"
},
{
"name" : "27790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27790"
},
{
"name" : "42941",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42941"
},
{
"name" : "ADV-2008-0583",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0583"
},
{
"name" : "28978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28978"
},
{
"name" : "4536",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4536"
},
{
"name" : "voip841-saveapply-insecure-permissions(40534)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40534"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5113",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5113"
},
{
"name": "42941",
"refsource": "OSVDB",
"url": "http://osvdb.org/42941"
},
{
"name": "28978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28978"
},
{
"name": "27790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27790"
},
{
"name": "voip841-saveapply-insecure-permissions(40534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40534"
},
{
"name": "ADV-2008-0583",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0583"
},
{
"name": "20080214 Philips VOIP841 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488127/100/200/threaded"
},
{
"name": "4536",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4536"
}
]
}
}

150
2008/4xxx/CVE-2008-4996.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that \"init is [used in] a single-user context; there's no possibility that this is exploitable.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://bugs.debian.org/496386",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/496386"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/initramfs-tools",
"refsource" : "MISC",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/initramfs-tools"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "MISC",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that \"init is [used in] a single-user context; there's no possibility that this is exploitable.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/initramfs-tools",
"refsource": "MISC",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/initramfs-tools"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://bugs.debian.org/496386",
"refsource": "MISC",
"url": "http://bugs.debian.org/496386"
}
]
}
}

170
2013/2xxx/CVE-2013-2069.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130523 CVE-2013-2069 livecd-tools: improper handling of passwords",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/05/23/2"
},
{
"name" : "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/",
"refsource" : "CONFIRM",
"url" : "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=964299",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
},
{
"name" : "RHSA-2013:0849",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0849.html"
},
{
"name" : "60119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60119"
},
{
"name" : "redhat-cve20132069-livecd-security-bypass(84488)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84488"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/security/security-bulletins/red-hat-and-other-third-party-public-amis-security-concern/"
},
{
"name": "60119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60119"
},
{
"name": "redhat-cve20132069-livecd-security-bypass(84488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84488"
},
{
"name": "[oss-security] 20130523 CVE-2013-2069 livecd-tools: improper handling of passwords",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=964299",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=964299"
},
{
"name": "RHSA-2013:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0849.html"
}
]
}
}

180
2013/2xxx/CVE-2013-2072.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130517 Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/05/17/2"
},
{
"name" : "DSA-3041",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3041"
},
{
"name" : "FEDORA-2013-8513",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106778.html"
},
{
"name" : "FEDORA-2013-8571",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106718.html"
},
{
"name" : "FEDORA-2013-8590",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106721.html"
},
{
"name" : "SUSE-SU-2014:0446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name" : "59982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59982"
},
{
"name": "FEDORA-2013-8590",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106721.html"
},
{
"name": "[oss-security] 20130517 Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/17/2"
},
{
"name": "FEDORA-2013-8571",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106718.html"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "DSA-3041",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3041"
},
{
"name": "FEDORA-2013-8513",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106778.html"
}
]
}
}

34
2013/2xxx/CVE-2013-2749.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2749",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3528. Reason: This candidate is a reservation duplicate of CVE-2013-3528. Notes: All CVE users should reference CVE-2013-3528 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-2749",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3528. Reason: This candidate is a reservation duplicate of CVE-2013-3528. Notes: All CVE users should reference CVE-2013-3528 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2013/2xxx/CVE-2013-2867.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=252216",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=252216"
},
{
"name" : "DSA-2724",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2724"
},
{
"name" : "oval:org.mitre.oval:def:17216",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=252216",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=252216"
},
{
"name": "oval:org.mitre.oval:def:17216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17216"
},
{
"name": "DSA-2724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2724"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"
}
]
}
}

120
2013/3xxx/CVE-2013-3392.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130621 Cisco WebEx Social Cross-Site Request Forgery Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130621 Cisco WebEx Social Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3392"
}
]
}
}

130
2013/3xxx/CVE-2013-3706.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7014663",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7014663"
},
{
"name" : "65912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65912"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7014663",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7014663"
},
{
"name": "65912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65912"
}
]
}
}

34
2013/3xxx/CVE-2013-3711.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3711",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3711",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2013/6xxx/CVE-2013-6232.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140301 [CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531321/100/0/threaded"
},
{
"name" : "32038",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32038"
},
{
"name" : "http://packetstormsecurity.com/files/125495",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125495"
},
{
"name" : "65911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65911"
},
{
"name" : "spagobi-cve20136232-xss(91503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "spagobi-cve20136232-xss(91503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91503"
},
{
"name": "65911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65911"
},
{
"name": "http://packetstormsecurity.com/files/125495",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125495"
},
{
"name": "32038",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32038"
},
{
"name": "20140301 [CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531321/100/0/threaded"
}
]
}
}

34
2013/6xxx/CVE-2013-6247.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6247",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6247",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/6xxx/CVE-2013-6350.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6350",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6350",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2013/6xxx/CVE-2013-6442.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.samba.org/samba/history/samba-4.0.16.html",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/history/samba-4.0.16.html"
},
{
"name" : "http://www.samba.org/samba/history/samba-4.1.6.html",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/history/samba-4.1.6.html"
},
{
"name" : "http://www.samba.org/samba/security/CVE-2013-6442",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/security/CVE-2013-6442"
},
{
"name" : "https://bugzilla.samba.org/show_bug.cgi?id=10327",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.samba.org/show_bug.cgi?id=10327"
},
{
"name" : "FEDORA-2014-9132",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
},
{
"name" : "FEDORA-2014-7672",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
},
{
"name" : "openSUSE-SU-2014:0404",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html"
},
{
"name" : "66232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.samba.org/samba/history/samba-4.1.6.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/history/samba-4.1.6.html"
},
{
"name": "FEDORA-2014-9132",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
},
{
"name": "http://www.samba.org/samba/security/CVE-2013-6442",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/security/CVE-2013-6442"
},
{
"name": "http://www.samba.org/samba/history/samba-4.0.16.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/history/samba-4.0.16.html"
},
{
"name": "FEDORA-2014-7672",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
},
{
"name": "openSUSE-SU-2014:0404",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=10327",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=10327"
},
{
"name": "66232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66232"
}
]
}
}

34
2013/7xxx/CVE-2013-7029.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7029",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7029",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/10xxx/CVE-2017-10589.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10589",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10589",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/10xxx/CVE-2017-10740.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
}
]
}
}

120
2017/10xxx/CVE-2017-10798.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ObjectPlanet Opinio before 7.6.4, there is XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.objectplanet.com/opinio/changelog.html",
"refsource" : "CONFIRM",
"url" : "http://www.objectplanet.com/opinio/changelog.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ObjectPlanet Opinio before 7.6.4, there is XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.objectplanet.com/opinio/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.objectplanet.com/opinio/changelog.html"
}
]
}
}

120
2017/10xxx/CVE-2017-10885.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HYPER SBI",
"version" : {
"version_data" : [
{
"version_value" : "Ver. 2.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "SBI SECURITIES Co.,Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HYPER SBI",
"version": {
"version_data": [
{
"version_value": "Ver. 2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "SBI SECURITIES Co.,Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#71284826",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN71284826/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71284826",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71284826/index.html"
}
]
}
}

140
2017/14xxx/CVE-2017-14108.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\\0' characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cxsecurity.com/issue/WLB-2017090008",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2017090008"
},
{
"name" : "https://packetstormsecurity.com/files/143983/libgedit.a-3.22.1-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/143983/libgedit.a-3.22.1-Denial-Of-Service.html"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=791037",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=791037"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\\0' characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/143983/libgedit.a-3.22.1-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143983/libgedit.a-3.22.1-Denial-Of-Service.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=791037",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=791037"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017090008",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017090008"
}
]
}
}

120
2017/14xxx/CVE-2017-14486.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat",
"refsource" : "MISC",
"url" : "https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat",
"refsource": "MISC",
"url": "https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat"
}
]
}
}

120
2017/14xxx/CVE-2017-14570.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14570",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14570"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14570",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14570"
}
]
}
}

130
2017/17xxx/CVE-2017-17279.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 9 Pro",
"version" : {
"version_data" : [
{
"version_value" : "The versions before LON-AL00B 8.0.0.343(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before LON-AL00B 8.0.0.343(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en"
},
{
"name" : "103360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en"
},
{
"name": "103360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103360"
}
]
}
}

150
2017/9xxx/CVE-2017-9038.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d",
"refsource" : "MISC",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d"
},
{
"name" : "GLSA-201709-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-02"
},
{
"name" : "98589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98589"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98589"
},
{
"name": "GLSA-201709-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-02"
},
{
"name": "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d"
}
]
}
}

120
2017/9xxx/CVE-2017-9838.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008",
"refsource" : "MISC",
"url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008",
"refsource": "MISC",
"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008"
}
]
}
}

132
2017/9xxx/CVE-2017-9958.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2017-06-28T00:00:00",
"ID" : "CVE-2017-9958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Versions 1.2.1 and prior."
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-28T00:00:00",
"ID": "CVE-2017-9958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.Motion",
"version": {
"version_data": [
{
"version_value": "U.motion Builder Versions 1.2.1 and prior."
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/",
"refsource" : "CONFIRM",
"url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/"
},
{
"name" : "99344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/"
},
{
"name": "99344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99344"
}
]
}
}

34
2018/0xxx/CVE-2018-0072.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0072",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0072",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/0xxx/CVE-2018-0661.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Multiple I-O DATA network camera products",
"version" : {
"version_data" : [
{
"version_value" : "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple I-O DATA network camera products",
"version": {
"version_data": [
{
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource" : "CONFIRM",
"url" : "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"name" : "JVN#83701666",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource": "CONFIRM",
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"name": "JVN#83701666",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
}
}

220
2018/0xxx/CVE-2018-0994.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-0994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0994",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0994"
},
{
"name" : "103630",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103630"
},
{
"name" : "1040650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040650"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0994",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0994"
},
{
"name": "103630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103630"
}
]
}
}

164
2018/1000xxx/CVE-2018-1000133.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "3/7/2018 7:33:37",
"ID" : "CVE-2018-1000133",
"REQUESTER" : "thomas.ward@owasp.org",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pitchfork",
"version" : {
"version_data" : [
{
"version_value" : "1.4.6 RC1"
}
]
}
}
]
},
"vendor_name" : "Pitchfork"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the \"System Administrator\" permission to \"yes\" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Privilege Management"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "3/7/2018 7:33:37",
"ID": "CVE-2018-1000133",
"REQUESTER": "thomas.ward@owasp.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://thomas-ward.net/security-advisories/trident-trusted-communications-platform-privilege-escalation-issue-advisory/",
"refsource" : "MISC",
"url" : "https://thomas-ward.net/security-advisories/trident-trusted-communications-platform-privilege-escalation-issue-advisory/"
},
{
"name" : "https://github.com/tridentli/pitchfork/commit/33549f15707801099e1253dd5e79369bd48eb59b",
"refsource" : "CONFIRM",
"url" : "https://github.com/tridentli/pitchfork/commit/33549f15707801099e1253dd5e79369bd48eb59b"
},
{
"name" : "https://github.com/tridentli/pitchfork/commit/9fd07cbe4f93e1367e142016e9a205366680dd54",
"refsource" : "CONFIRM",
"url" : "https://github.com/tridentli/pitchfork/commit/9fd07cbe4f93e1367e142016e9a205366680dd54"
},
{
"name" : "https://github.com/tridentli/pitchfork/issues/168",
"refsource" : "CONFIRM",
"url" : "https://github.com/tridentli/pitchfork/issues/168"
},
{
"name" : "https://github.com/tridentli/trident/releases/tag/DEV_1.4.6-RC2",
"refsource" : "CONFIRM",
"url" : "https://github.com/tridentli/trident/releases/tag/DEV_1.4.6-RC2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator permissions within the web portal.. This attack appear to be exploitable via The user must be able to login, and could edit their profile and set the \"System Administrator\" permission to \"yes\" on themselves.. This vulnerability appears to have been fixed in 1.4.6 RC2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tridentli/trident/releases/tag/DEV_1.4.6-RC2",
"refsource": "CONFIRM",
"url": "https://github.com/tridentli/trident/releases/tag/DEV_1.4.6-RC2"
},
{
"name": "https://github.com/tridentli/pitchfork/issues/168",
"refsource": "CONFIRM",
"url": "https://github.com/tridentli/pitchfork/issues/168"
},
{
"name": "https://github.com/tridentli/pitchfork/commit/9fd07cbe4f93e1367e142016e9a205366680dd54",
"refsource": "CONFIRM",
"url": "https://github.com/tridentli/pitchfork/commit/9fd07cbe4f93e1367e142016e9a205366680dd54"
},
{
"name": "https://thomas-ward.net/security-advisories/trident-trusted-communications-platform-privilege-escalation-issue-advisory/",
"refsource": "MISC",
"url": "https://thomas-ward.net/security-advisories/trident-trusted-communications-platform-privilege-escalation-issue-advisory/"
},
{
"name": "https://github.com/tridentli/pitchfork/commit/33549f15707801099e1253dd5e79369bd48eb59b",
"refsource": "CONFIRM",
"url": "https://github.com/tridentli/pitchfork/commit/33549f15707801099e1253dd5e79369bd48eb59b"
}
]
}
}

124
2018/1000xxx/CVE-2018-1000141.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/22/2018 23:59:29",
"ID" : "CVE-2018-1000141",
"REQUESTER" : "xiaoyin.l@outlook.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "I, Librarian",
"version" : {
"version_data" : [
{
"version_value" : "4.9 and earlier"
}
]
}
}
]
},
"vendor_name" : "I, Librarian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "3/22/2018 23:59:29",
"ID": "CVE-2018-1000141",
"REQUESTER": "xiaoyin.l@outlook.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mkucej/i-librarian/issues/124",
"refsource" : "MISC",
"url" : "https://github.com/mkucej/i-librarian/issues/124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mkucej/i-librarian/issues/124",
"refsource": "MISC",
"url": "https://github.com/mkucej/i-librarian/issues/124"
}
]
}
}

34
2018/16xxx/CVE-2018-16972.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16972",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16972",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/19xxx/CVE-2018-19129.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1138",
"refsource" : "MISC",
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1138",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1138"
}
]
}
}

34
2018/19xxx/CVE-2018-19377.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19377",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19377",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19483.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19483",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19483",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19487.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19487",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19487",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19512.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19512",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19512",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

242
2018/1xxx/CVE-2018-1301.json
View File

@ -1,123 +1,123 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-03-23T00:00:00",
"ID" : "CVE-2018-1301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache HTTP Server",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0 to 2.4.29"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Possible out of bound access after failure in reading the HTTP request"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2018-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.2.0 to 2.4.29"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180323 CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/03/24/2"
},
{
"name" : "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"
},
{
"name" : "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource" : "CONFIRM",
"url" : "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180601-0004/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
},
{
"name" : "DSA-4164",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4164"
},
{
"name" : "RHSA-2018:3558",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name" : "RHSA-2019:0366",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name" : "RHSA-2019:0367",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name" : "USN-3627-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3627-1/"
},
{
"name" : "USN-3627-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3627-2/"
},
{
"name" : "103515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103515"
},
{
"name" : "1040573",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible out of bound access after failure in reading the HTTP request"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3627-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3627-1/"
},
{
"name": "103515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103515"
},
{
"name": "[oss-security] 20180323 CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/2"
},
{
"name": "DSA-4164",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4164"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3627-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3627-2/"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "1040573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040573"
}
]
}
}

34
2018/1xxx/CVE-2018-1971.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1971",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1971",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/4xxx/CVE-2018-4198.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"UIKit\" component. It allows remote attackers to cause a denial of service via a crafted text file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208848",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208848"
},
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
},
{
"name" : "https://support.apple.com/HT208850",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208850"
},
{
"name" : "https://support.apple.com/HT208851",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208851"
},
{
"name" : "1041027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"UIKit\" component. It allows remote attackers to cause a denial of service via a crafted text file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208850",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208850"
},
{
"name": "https://support.apple.com/HT208851",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208851"
},
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

190
2018/4xxx/CVE-2018-4199.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208848",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208848"
},
{
"name" : "https://support.apple.com/HT208850",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208850"
},
{
"name" : "https://support.apple.com/HT208852",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208852"
},
{
"name" : "https://support.apple.com/HT208853",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208853"
},
{
"name" : "https://support.apple.com/HT208854",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208854"
},
{
"name" : "GLSA-201808-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201808-04"
},
{
"name" : "USN-3687-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3687-1/"
},
{
"name" : "1041029",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208850",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208850"
},
{
"name": "https://support.apple.com/HT208853",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208853"
},
{
"name": "GLSA-201808-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name": "https://support.apple.com/HT208854",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208854"
},
{
"name": "1041029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041029"
},
{
"name": "USN-3687-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208852",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208852"
}
]
}
}

34
2018/4xxx/CVE-2018-4523.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4523",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4523",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/4xxx/CVE-2018-4877.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player before 28.0.0.161",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player before 28.0.0.161"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "use-after-free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player before 28.0.0.161",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player before 28.0.0.161"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name" : "RHSA-2018:0285",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name" : "102930",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name": "RHSA-2018:0285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name": "102930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102930"
}
]
}
}