admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:58:56 +00:00
parent 04360ab419
commit 87504b93fb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4118 additions and 4118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2004/1xxx/CVE-2004-1423.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1423", "ID": "CVE-2004-1423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php." "value": "Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20041229 php-Calendar File Include Vulnerability [ Command Exec ]", "name": "1017107",
"refsource" : "BUGTRAQ", "refsource": "SECTRACK",
"url" : "http://marc.info/?l=bugtraq&m=110434580716205&w=2" "url": "http://securitytracker.com/id?1017107"
}, },
{ {
"name" : "20061021 Virtual Law Office (phpc_root_path) Remote File Include Vulnerability", "name": "12127",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/449397/100/0/threaded" "url": "http://www.securityfocus.com/bid/12127"
}, },
{ {
"name" : "http://www.gulftech.org/?node=research&article_id=00060-12292004", "name": "http://www.gulftech.org/?node=research&article_id=00060-12292004",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00060-12292004" "url": "http://www.gulftech.org/?node=research&article_id=00060-12292004"
}, },
{ {
"name" : "2608", "name": "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800",
"refsource" : "EXPLOIT-DB", "refsource": "CONFIRM",
"url" : "https://www.exploit-db.com/exploits/2608" "url": "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800"
}, },
{ {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800", "name": "ADV-2006-4145",
"refsource" : "CONFIRM", "refsource": "VUPEN",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800" "url": "http://www.vupen.com/english/advisories/2006/4145"
}, },
{ {
"name" : "12127", "name": "20041229 php-Calendar File Include Vulnerability [ Command Exec ]",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/12127" "url": "http://marc.info/?l=bugtraq&m=110434580716205&w=2"
}, },
{ {
"name" : "20657", "name": "2608",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/20657" "url": "https://www.exploit-db.com/exploits/2608"
}, },
{ {
"name" : "ADV-2006-4145", "name": "20657",
"refsource" : "VUPEN", "refsource": "BID",
"url" : "http://www.vupen.com/english/advisories/2006/4145" "url": "http://www.securityfocus.com/bid/20657"
}, },
{ {
"name" : "1017107", "name": "vlo-phpcrootpath-file-include(29710)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://securitytracker.com/id?1017107" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29710"
}, },
{ {
"name" : "22516", "name": "20061021 Virtual Law Office (phpc_root_path) Remote File Include Vulnerability",
"refsource" : "SECUNIA", "refsource": "BUGTRAQ",
"url" : "http://secunia.com/advisories/22516" "url": "http://www.securityfocus.com/archive/1/449397/100/0/threaded"
}, },
{ {
"name" : "php-calendar-file-include(18710)", "name": "22516",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18710" "url": "http://secunia.com/advisories/22516"
}, },
{ {
"name" : "vlo-phpcrootpath-file-include(29710)", "name": "php-calendar-file-include(18710)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29710" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18710"
} }
] ]
} }

104
2004/1xxx/CVE-2004-1555.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1555", "ID": "CVE-2004-1555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp." "value": "Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20040926 SQL injection in BroadBoard Instant ASP Message Board", "name": "1011419",
"refsource" : "BUGTRAQ", "refsource": "SECTRACK",
"url" : "http://marc.info/?l=bugtraq&m=109630777608244&w=2" "url": "http://securitytracker.com/id?1011419"
}, },
{ {
"name" : "11250", "name": "broadboard-forgotasp-sql-injection(17502)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/11250" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17502"
}, },
{ {
"name" : "1011419", "name": "broadboard-profileasp-sql-injection(17500)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://securitytracker.com/id?1011419" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17500"
}, },
{ {
"name" : "12658", "name": "broadboard-searchasp-sql-injection(17498)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/12658" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17498"
}, },
{ {
"name" : "broadboard-forgotasp-sql-injection(17502)", "name": "20040926 SQL injection in BroadBoard Instant ASP Message Board",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17502" "url": "http://marc.info/?l=bugtraq&m=109630777608244&w=2"
}, },
{ {
"name" : "broadboard-profileasp-sql-injection(17500)", "name": "11250",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17500" "url": "http://www.securityfocus.com/bid/11250"
}, },
{ {
"name" : "broadboard-reg2asp-sql-injection(17501)", "name": "12658",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17501" "url": "http://secunia.com/advisories/12658"
}, },
{ {
"name" : "broadboard-searchasp-sql-injection(17498)", "name": "broadboard-reg2asp-sql-injection(17501)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17498" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17501"
} }
] ]
} }

86
2004/1xxx/CVE-2004-1583.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1583", "ID": "CVE-2004-1583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT." "value": "Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20041006 Directory traversal in Tridcomm 1.3", "name": "12755",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=bugtraq&m=109709637732276&w=2" "url": "http://secunia.com/advisories/12755"
}, },
{ {
"name" : "20041006 Directory traversal in Tridcomm 1.3", "name": "11343",
"refsource" : "FULLDISC", "refsource": "BID",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027195.html" "url": "http://www.securityfocus.com/bid/11343"
}, },
{ {
"name" : "11343", "name": "tridcomm-dotdot-directory-traversal(17631)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/11343" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17631"
}, },
{ {
"name" : "12755", "name": "20041006 Directory traversal in Tridcomm 1.3",
"refsource" : "SECUNIA", "refsource": "BUGTRAQ",
"url" : "http://secunia.com/advisories/12755" "url": "http://marc.info/?l=bugtraq&m=109709637732276&w=2"
}, },
{ {
"name" : "tridcomm-dotdot-directory-traversal(17631)", "name": "20041006 Directory traversal in Tridcomm 1.3",
"refsource" : "XF", "refsource": "FULLDISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17631" "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027195.html"
} }
] ]
} }

92
2008/0xxx/CVE-2008-0267.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0267", "ID": "CVE-2008-0267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php." "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities", "name": "eticket-admin-sql-injection(39487)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://www.securityfocus.com/archive/1/485835/100/0/threaded" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
}, },
{ {
"name" : "27173", "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/27173" "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
}, },
{ {
"name" : "28331", "name": "eticket-search-sql-injection(39489)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/28331" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
}, },
{ {
"name" : "3542", "name": "28331",
"refsource" : "SREASON", "refsource": "SECUNIA",
"url" : "http://securityreason.com/securityalert/3542" "url": "http://secunia.com/advisories/28331"
}, },
{ {
"name" : "eticket-search-sql-injection(39489)", "name": "27173",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489" "url": "http://www.securityfocus.com/bid/27173"
}, },
{ {
"name" : "eticket-admin-sql-injection(39487)", "name": "3542",
"refsource" : "XF", "refsource": "SREASON",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487" "url": "http://securityreason.com/securityalert/3542"
} }
] ]
} }

80
2008/0xxx/CVE-2008-0489.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0489", "ID": "CVE-2008-0489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter." "value": "Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080127 ClanSphere 2007.4.4 Remote File Disclosure Vulnerability.", "name": "3597",
"refsource" : "BUGTRAQ", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/archive/1/487132/100/0/threaded" "url": "http://securityreason.com/securityalert/3597"
}, },
{ {
"name" : "27471", "name": "27471",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/27471" "url": "http://www.securityfocus.com/bid/27471"
}, },
{ {
"name" : "3597", "name": "clansphere-install-directory-traversal(39977)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/3597" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39977"
}, },
{ {
"name" : "clansphere-install-directory-traversal(39977)", "name": "20080127 ClanSphere 2007.4.4 Remote File Disclosure Vulnerability.",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39977" "url": "http://www.securityfocus.com/archive/1/487132/100/0/threaded"
} }
] ]
} }

86
2008/3xxx/CVE-2008-3279.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3279", "ID": "CVE-2008-3279",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting." "value": "Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=457942", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=457942",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=457942" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457942"
}, },
{ {
"name" : "RHSA-2010:0181", "name": "RHSA-2010:0181",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0181.html" "url": "http://www.redhat.com/support/errata/RHSA-2010-0181.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:11399", "name": "ADV-2010-0755",
"refsource" : "OVAL", "refsource": "VUPEN",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11399" "url": "http://www.vupen.com/english/advisories/2010/0755"
}, },
{ {
"name" : "39231", "name": "39231",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/39231" "url": "http://secunia.com/advisories/39231"
}, },
{ {
"name" : "ADV-2010-0755", "name": "oval:org.mitre.oval:def:11399",
"refsource" : "VUPEN", "refsource": "OVAL",
"url" : "http://www.vupen.com/english/advisories/2010/0755" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11399"
} }
] ]
} }

134
2008/3xxx/CVE-2008-3457.json
View File

@ -1,121 +1,121 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3457", "ID": "CVE-2008-3457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php." "value": "Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf", "name": "MDVSA-2008:202",
"refsource" : "MISC", "refsource": "MANDRIVA",
"url" : "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:202"
}, },
{ {
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6", "name": "FEDORA-2008-6868",
"refsource" : "CONFIRM", "refsource": "FEDORA",
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html"
}, },
{ {
"name" : "DSA-1641", "name": "FEDORA-2008-6810",
"refsource" : "DEBIAN", "refsource": "FEDORA",
"url" : "http://www.debian.org/security/2008/dsa-1641" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html"
}, },
{ {
"name" : "FEDORA-2008-6810", "name": "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf",
"refsource" : "FEDORA", "refsource": "MISC",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html" "url": "http://yehg.net/lab/pr0js/advisories/XSS_inPhpMyAdmin2.11.7.pdf"
}, },
{ {
"name" : "FEDORA-2008-6868", "name": "32834",
"refsource" : "FEDORA", "refsource": "SECUNIA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html" "url": "http://secunia.com/advisories/32834"
}, },
{ {
"name" : "MDVSA-2008:202", "name": "ADV-2008-2226",
"refsource" : "MANDRIVA", "refsource": "VUPEN",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:202" "url": "http://www.vupen.com/english/advisories/2008/2226/references"
}, },
{ {
"name" : "SUSE-SR:2008:026", "name": "phpmyadmin-setup-configinc-xss(44052)",
"refsource" : "SUSE", "refsource": "XF",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44052"
}, },
{ {
"name" : "30420", "name": "DSA-1641",
"refsource" : "BID", "refsource": "DEBIAN",
"url" : "http://www.securityfocus.com/bid/30420" "url": "http://www.debian.org/security/2008/dsa-1641"
}, },
{ {
"name" : "ADV-2008-2226", "name": "31312",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2008/2226/references" "url": "http://secunia.com/advisories/31312"
}, },
{ {
"name" : "31263", "name": "31263",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/31263" "url": "http://secunia.com/advisories/31263"
}, },
{ {
"name" : "31312", "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/31312" "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6"
}, },
{ {
"name" : "32834", "name": "30420",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/32834" "url": "http://www.securityfocus.com/bid/30420"
}, },
{ {
"name" : "phpmyadmin-setup-configinc-xss(44052)", "name": "SUSE-SR:2008:026",
"refsource" : "XF", "refsource": "SUSE",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44052" "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
} }
] ]
} }

80
2008/3xxx/CVE-2008-3484.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3484", "ID": "CVE-2008-3484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php." "value": "SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6187", "name": "30502",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/6187" "url": "http://www.securityfocus.com/bid/30502"
}, },
{ {
"name" : "30502", "name": "4109",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/30502" "url": "http://securityreason.com/securityalert/4109"
}, },
{ {
"name" : "4109", "name": "6187",
"refsource" : "SREASON", "refsource": "EXPLOIT-DB",
"url" : "http://securityreason.com/securityalert/4109" "url": "https://www.exploit-db.com/exploits/6187"
}, },
{ {
"name" : "estoreaff-cid-sql-injection(44166)", "name": "estoreaff-cid-sql-injection(44166)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44166" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44166"
} }
] ]
} }

92
2008/3xxx/CVE-2008-3805.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-3805", "ID": "CVE-2008-3805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806." "value": "Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646", "name": "31990",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646" "url": "http://secunia.com/advisories/31990"
}, },
{ {
"name" : "20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability", "name": "oval:org.mitre.oval:def:5910",
"refsource" : "CISCO", "refsource": "OVAL",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5910"
}, },
{ {
"name" : "oval:org.mitre.oval:def:5910", "name": "1020935",
"refsource" : "OVAL", "refsource": "SECTRACK",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5910" "url": "http://www.securitytracker.com/id?1020935"
}, },
{ {
"name" : "1020935", "name": "ADV-2008-2670",
"refsource" : "SECTRACK", "refsource": "VUPEN",
"url" : "http://www.securitytracker.com/id?1020935" "url": "http://www.vupen.com/english/advisories/2008/2670"
}, },
{ {
"name" : "ADV-2008-2670", "name": "20080924 Cisco 10000, uBR10012, uBR7200 Series Devices IPC Vulnerability",
"refsource" : "VUPEN", "refsource": "CISCO",
"url" : "http://www.vupen.com/english/advisories/2008/2670" "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014ae.shtml"
}, },
{ {
"name" : "31990", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/31990" "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16646"
} }
] ]
} }

80
2008/4xxx/CVE-2008-4013.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2008-4013", "ID": "CVE-2008-4013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." "value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
}, },
{ {
"name" : "ADV-2008-2825", "name": "1021056",
"refsource" : "VUPEN", "refsource": "SECTRACK",
"url" : "http://www.vupen.com/english/advisories/2008/2825" "url": "http://www.securitytracker.com/id?1021056"
}, },
{ {
"name" : "1021056", "name": "oracle-weblogic-webapps-unauth-access(45912)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id?1021056" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45912"
}, },
{ {
"name" : "oracle-weblogic-webapps-unauth-access(45912)", "name": "ADV-2008-2825",
"refsource" : "XF", "refsource": "VUPEN",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45912" "url": "http://www.vupen.com/english/advisories/2008/2825"
} }
] ]
} }

122
2008/4xxx/CVE-2008-4036.json
View File

@ -1,111 +1,111 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-4036", "ID": "CVE-2008-4036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a \"memory allocation mapping error,\" aka \"Virtual Address Descriptor Elevation of Privilege Vulnerability.\"" "value": "Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a \"memory allocation mapping error,\" aka \"Virtual Address Descriptor Elevation of Privilege Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "HPSBST02379", "name": "32251",
"refsource" : "HP", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "url": "http://secunia.com/advisories/32251"
}, },
{ {
"name" : "SSRT080143", "name": "SSRT080143",
"refsource" : "HP", "refsource": "HP",
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
}, },
{ {
"name" : "MS08-064", "name": "ADV-2008-2815",
"refsource" : "MS", "refsource": "VUPEN",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064" "url": "http://www.vupen.com/english/advisories/2008/2815"
}, },
{ {
"name" : "TA08-288A", "name": "1021051",
"refsource" : "CERT", "refsource": "SECTRACK",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" "url": "http://www.securitytracker.com/id?1021051"
}, },
{ {
"name" : "31675", "name": "HPSBST02379",
"refsource" : "BID", "refsource": "HP",
"url" : "http://www.securityfocus.com/bid/31675" "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
}, },
{ {
"name" : "oval:org.mitre.oval:def:5343", "name": "MS08-064",
"refsource" : "OVAL", "refsource": "MS",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-064"
}, },
{ {
"name" : "ADV-2008-2815", "name": "win-vad-privilege-escalation(45571)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2008/2815" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45571"
}, },
{ {
"name" : "1021051", "name": "31675",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id?1021051" "url": "http://www.securityfocus.com/bid/31675"
}, },
{ {
"name" : "32251", "name": "TA08-288A",
"refsource" : "SECUNIA", "refsource": "CERT",
"url" : "http://secunia.com/advisories/32251" "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
}, },
{ {
"name" : "win-ms08kb956841-update(45572)", "name": "oval:org.mitre.oval:def:5343",
"refsource" : "XF", "refsource": "OVAL",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45572" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5343"
}, },
{ {
"name" : "win-vad-privilege-escalation(45571)", "name": "win-ms08kb956841-update(45572)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45571" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45572"
} }
] ]
} }

86
2008/4xxx/CVE-2008-4074.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4074", "ID": "CVE-2008-4074",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action." "value": "SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6433", "name": "autodealerscms-index-sql-injection(45049)",
"refsource" : "EXPLOIT-DB", "refsource": "XF",
"url" : "https://www.exploit-db.com/exploits/6433" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45049"
}, },
{ {
"name" : "31137", "name": "6433",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/31137" "url": "https://www.exploit-db.com/exploits/6433"
}, },
{ {
"name" : "4247", "name": "autodealerscms-id-sql-injection(45200)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/4247" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45200"
}, },
{ {
"name" : "autodealerscms-index-sql-injection(45049)", "name": "4247",
"refsource" : "XF", "refsource": "SREASON",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45049" "url": "http://securityreason.com/securityalert/4247"
}, },
{ {
"name" : "autodealerscms-id-sql-injection(45200)", "name": "31137",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45200" "url": "http://www.securityfocus.com/bid/31137"
} }
] ]
} }

86
2008/4xxx/CVE-2008-4700.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4700", "ID": "CVE-2008-4700",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter." "value": "SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6416", "name": "4472",
"refsource" : "EXPLOIT-DB", "refsource": "SREASON",
"url" : "https://www.exploit-db.com/exploits/6416" "url": "http://securityreason.com/securityalert/4472"
}, },
{ {
"name" : "31102", "name": "31811",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/31102" "url": "http://secunia.com/advisories/31811"
}, },
{ {
"name" : "31811", "name": "libera-admin-sql-injection(45011)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/31811" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45011"
}, },
{ {
"name" : "4472", "name": "31102",
"refsource" : "SREASON", "refsource": "BID",
"url" : "http://securityreason.com/securityalert/4472" "url": "http://www.securityfocus.com/bid/31102"
}, },
{ {
"name" : "libera-admin-sql-injection(45011)", "name": "6416",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45011" "url": "https://www.exploit-db.com/exploits/6416"
} }
] ]
} }

110
2008/4xxx/CVE-2008-4874.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4874", "ID": "CVE-2008-4874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door \"service\" account with \"service\" as its password, which makes it easier for remote attackers to obtain access." "value": "The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door \"service\" account with \"service\" as its password, which makes it easier for remote attackers to obtain access."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080214 Philips VOIP841 Multiple Vulnerabilities", "name": "5113",
"refsource" : "BUGTRAQ", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/archive/1/488127/100/200/threaded" "url": "https://www.exploit-db.com/exploits/5113"
}, },
{ {
"name" : "20080215 Re: Philips VOIP841 Multiple Vulnerabilities", "name": "28978",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0227.html" "url": "http://secunia.com/advisories/28978"
}, },
{ {
"name" : "5113", "name": "42940",
"refsource" : "EXPLOIT-DB", "refsource": "OSVDB",
"url" : "https://www.exploit-db.com/exploits/5113" "url": "http://osvdb.org/42940"
}, },
{ {
"name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt", "name": "27790",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt" "url": "http://www.securityfocus.com/bid/27790"
}, },
{ {
"name" : "27790", "name": "ADV-2008-0583",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/27790" "url": "http://www.vupen.com/english/advisories/2008/0583"
}, },
{ {
"name" : "42940", "name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt",
"refsource" : "OSVDB", "refsource": "MISC",
"url" : "http://osvdb.org/42940" "url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt"
}, },
{ {
"name" : "ADV-2008-0583", "name": "20080214 Philips VOIP841 Multiple Vulnerabilities",
"refsource" : "VUPEN", "refsource": "BUGTRAQ",
"url" : "http://www.vupen.com/english/advisories/2008/0583" "url": "http://www.securityfocus.com/archive/1/488127/100/200/threaded"
}, },
{ {
"name" : "28978", "name": "4536",
"refsource" : "SECUNIA", "refsource": "SREASON",
"url" : "http://secunia.com/advisories/28978" "url": "http://securityreason.com/securityalert/4536"
}, },
{ {
"name" : "4536", "name": "20080215 Re: Philips VOIP841 Multiple Vulnerabilities",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/4536" "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0227.html"
} }
] ]
} }

86
2008/6xxx/CVE-2008-6368.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6368", "ID": "CVE-2008-6368",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter." "value": "SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt", "name": "18195",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt" "url": "http://www.securityfocus.com/bid/18195"
}, },
{ {
"name" : "18195", "name": "50343",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/18195" "url": "http://osvdb.org/50343"
}, },
{ {
"name" : "50343", "name": "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt",
"refsource" : "OSVDB", "refsource": "MISC",
"url" : "http://osvdb.org/50343" "url": "http://packetstorm.linuxsecurity.com/0811-exploits/chipmunkguestbook-sqlxss.txt"
}, },
{ {
"name" : "32907", "name": "32907",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/32907" "url": "http://secunia.com/advisories/32907"
}, },
{ {
"name" : "chipmunk-index-sql-injection(46941)", "name": "chipmunk-index-sql-injection(46941)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46941" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46941"
} }
] ]
} }

98
2008/7xxx/CVE-2008-7096.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7096", "ID": "CVE-2008-7096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3." "value": "Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://invisiblethingslab.com/bh08/part2-full.pdf", "name": "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://invisiblethingslab.com/bh08/part2-full.pdf" "url": "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html"
}, },
{ {
"name" : "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html", "name": "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html" "url": "http://theinvisiblethings.blogspot.com/2008/08/attacking-xen-domu-vs-dom0.html"
}, },
{ {
"name" : "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html", "name": "30823",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://theinvisiblethings.blogspot.com/2008/08/intel-patches-q35-bug.html" "url": "http://www.securityfocus.com/bid/30823"
}, },
{ {
"name" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr", "name": "http://invisiblethingslab.com/bh08/part2-full.pdf",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr" "url": "http://invisiblethingslab.com/bh08/part2-full.pdf"
}, },
{ {
"name" : "30823", "name": "intel-bios-smm-privilege-escalation(44676)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/30823" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44676"
}, },
{ {
"name" : "49901", "name": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr",
"refsource" : "OSVDB", "refsource": "CONFIRM",
"url" : "http://osvdb.org/49901" "url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr"
}, },
{ {
"name" : "intel-bios-smm-privilege-escalation(44676)", "name": "49901",
"refsource" : "XF", "refsource": "OSVDB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44676" "url": "http://osvdb.org/49901"
} }
] ]
} }

230
2013/2xxx/CVE-2013-2094.json
View File

@ -1,201 +1,201 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2094", "ID": "CVE-2013-2094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call." "value": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "33589", "name": "openSUSE-SU-2013:0847",
"refsource" : "EXPLOIT-DB", "refsource": "SUSE",
"url" : "http://www.exploit-db.com/exploits/33589" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
}, },
{ {
"name" : "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", "name": "MDVSA-2013:176",
"refsource" : "MLIST", "refsource": "MANDRIVA",
"url" : "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
}, },
{ {
"name" : "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", "name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html" "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"
}, },
{ {
"name" : "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", "name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html" "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"
}, },
{ {
"name" : "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", "name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/05/14/6" "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"
}, },
{ {
"name" : "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", "name": "USN-1826-1",
"refsource" : "MLIST", "refsource": "UBUNTU",
"url" : "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html" "url": "http://www.ubuntu.com/usn/USN-1826-1"
}, },
{ {
"name" : "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", "name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html" "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"
}, },
{ {
"name" : "http://news.ycombinator.com/item?id=5703758", "name": "USN-1838-1",
"refsource" : "MISC", "refsource": "UBUNTU",
"url" : "http://news.ycombinator.com/item?id=5703758" "url": "http://www.ubuntu.com/usn/USN-1838-1"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/121616/semtex.c", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=962792",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://packetstormsecurity.com/files/121616/semtex.c" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"
}, },
{ {
"name" : "http://twitter.com/djrbliss/statuses/334301992648331267", "name": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://twitter.com/djrbliss/statuses/334301992648331267" "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"
}, },
{ {
"name" : "http://www.reddit.com/r/netsec/comments/1eb9iw", "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://www.reddit.com/r/netsec/comments/1eb9iw" "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"
}, },
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f", "name": "USN-1828-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f" "url": "http://www.ubuntu.com/usn/USN-1828-1"
}, },
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9", "name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9" "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=962792", "name": "USN-1827-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=962792" "url": "http://www.ubuntu.com/usn/USN-1827-1"
}, },
{ {
"name" : "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f", "name": "USN-1836-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f" "url": "http://www.ubuntu.com/usn/USN-1836-1"
}, },
{ {
"name" : "MDVSA-2013:176", "name": "93361",
"refsource" : "MANDRIVA", "refsource": "OSVDB",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" "url": "http://www.osvdb.org/93361"
}, },
{ {
"name" : "RHSA-2013:0830", "name": "33589",
"refsource" : "REDHAT", "refsource": "EXPLOIT-DB",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0830.html" "url": "http://www.exploit-db.com/exploits/33589"
}, },
{ {
"name" : "SUSE-SU-2013:0819", "name": "RHSA-2013:0830",
"refsource" : "SUSE", "refsource": "REDHAT",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"
}, },
{ {
"name" : "openSUSE-SU-2013:0847", "name": "http://news.ycombinator.com/item?id=5703758",
"refsource" : "SUSE", "refsource": "MISC",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html" "url": "http://news.ycombinator.com/item?id=5703758"
}, },
{ {
"name" : "openSUSE-SU-2013:0925", "name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access",
"refsource" : "SUSE", "refsource": "MLIST",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"
}, },
{ {
"name" : "openSUSE-SU-2013:0951", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f",
"refsource" : "SUSE", "refsource": "CONFIRM",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html" "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f"
}, },
{ {
"name" : "openSUSE-SU-2013:1042", "name": "SUSE-SU-2013:0819",
"refsource" : "SUSE", "refsource": "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"
}, },
{ {
"name" : "USN-1825-1", "name": "http://packetstormsecurity.com/files/121616/semtex.c",
"refsource" : "UBUNTU", "refsource": "MISC",
"url" : "http://www.ubuntu.com/usn/USN-1825-1" "url": "http://packetstormsecurity.com/files/121616/semtex.c"
}, },
{ {
"name" : "USN-1826-1", "name": "openSUSE-SU-2013:0925",
"refsource" : "UBUNTU", "refsource": "SUSE",
"url" : "http://www.ubuntu.com/usn/USN-1826-1" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
}, },
{ {
"name" : "USN-1827-1", "name": "http://twitter.com/djrbliss/statuses/334301992648331267",
"refsource" : "UBUNTU", "refsource": "MISC",
"url" : "http://www.ubuntu.com/usn/USN-1827-1" "url": "http://twitter.com/djrbliss/statuses/334301992648331267"
}, },
{ {
"name" : "USN-1828-1", "name": "http://www.reddit.com/r/netsec/comments/1eb9iw",
"refsource" : "UBUNTU", "refsource": "MISC",
"url" : "http://www.ubuntu.com/usn/USN-1828-1" "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"
}, },
{ {
"name" : "USN-1836-1", "name": "openSUSE-SU-2013:1042",
"refsource" : "UBUNTU", "refsource": "SUSE",
"url" : "http://www.ubuntu.com/usn/USN-1836-1" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"
}, },
{ {
"name" : "USN-1838-1", "name": "USN-1825-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1838-1" "url": "http://www.ubuntu.com/usn/USN-1825-1"
}, },
{ {
"name" : "93361", "name": "openSUSE-SU-2013:0951",
"refsource" : "OSVDB", "refsource": "SUSE",
"url" : "http://www.osvdb.org/93361" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"
} }
] ]
} }

68
2013/2xxx/CVE-2013-2408.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2408", "ID": "CVE-2013-2408",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6." "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
}, },
{ {
"name" : "MDVSA-2013:150", "name": "MDVSA-2013:150",
"refsource" : "MANDRIVA", "refsource": "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
} }
] ]
} }

188
2013/2xxx/CVE-2013-2461.json
View File

@ -1,166 +1,166 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2461", "ID": "CVE-2013-2461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a \"Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.\"" "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a \"Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2",
"refsource" : "BUGTRAQ", "refsource": "MISC",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2"
}, },
{ {
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "name": "HPSBUX02908",
"refsource" : "FULLDISC", "refsource": "HP",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23" "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2"
}, },
{ {
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2", "name": "RHSA-2014:0414",
"refsource" : "MISC", "refsource": "REDHAT",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2" "url": "https://access.redhat.com/errata/RHSA-2014:0414"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "name": "GLSA-201406-32",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975126", "name": "oval:org.mitre.oval:def:16887",
"refsource" : "CONFIRM", "refsource": "OVAL",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975126" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
}, },
{ {
"name" : "http://advisories.mageia.org/MGASA-2013-0185.html", "name": "HPSBUX02907",
"refsource" : "CONFIRM", "refsource": "HP",
"url" : "http://advisories.mageia.org/MGASA-2013-0185.html" "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "name": "54154",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" "url": "http://secunia.com/advisories/54154"
}, },
{ {
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "name": "oval:org.mitre.oval:def:19582",
"refsource" : "CONFIRM", "refsource": "OVAL",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582"
}, },
{ {
"name" : "GLSA-201406-32", "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "GENTOO", "refsource": "CONFIRM",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
}, },
{ {
"name" : "HPSBUX02907", "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "HP", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
}, },
{ {
"name" : "HPSBUX02908", "name": "oval:org.mitre.oval:def:19565",
"refsource" : "HP", "refsource": "OVAL",
"url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565"
}, },
{ {
"name" : "MDVSA-2013:183", "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "MANDRIVA", "refsource": "CONFIRM",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
}, },
{ {
"name" : "RHSA-2013:0963", "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}, },
{ {
"name" : "RHSA-2014:0414", "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "REDHAT", "refsource": "FULLDISC",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
}, },
{ {
"name" : "TA13-169A", "name": "TA13-169A",
"refsource" : "CERT", "refsource": "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
}, },
{ {
"name" : "60645", "name": "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/60645" "url": "http://advisories.mageia.org/MGASA-2013-0185.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16887", "name": "RHSA-2013:0963",
"refsource" : "OVAL", "refsource": "REDHAT",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887" "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:19565", "name": "60645",
"refsource" : "OVAL", "refsource": "BID",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565" "url": "http://www.securityfocus.com/bid/60645"
}, },
{ {
"name" : "oval:org.mitre.oval:def:19582", "name": "MDVSA-2013:183",
"refsource" : "OVAL", "refsource": "MANDRIVA",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
}, },
{ {
"name" : "54154", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975126",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/54154" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975126"
} }
] ]
} }

92
2013/2xxx/CVE-2013-2559.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2559", "ID": "CVE-2013-2559",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands." "value": "SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20130403 SQL Injection Vulnerability in Symphony", "name": "symphony-sort-sql-injection(83227)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83227"
}, },
{ {
"name" : "https://www.htbridge.com/advisory/HTB23148", "name": "20130403 SQL Injection Vulnerability in Symphony",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "https://www.htbridge.com/advisory/HTB23148" "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html"
}, },
{ {
"name" : "http://www.getsymphony.com/download/releases/version/2.3.2", "name": "https://www.htbridge.com/advisory/HTB23148",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://www.getsymphony.com/download/releases/version/2.3.2" "url": "https://www.htbridge.com/advisory/HTB23148"
}, },
{ {
"name" : "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468", "name": "58843",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468" "url": "http://www.securityfocus.com/bid/58843"
}, },
{ {
"name" : "58843", "name": "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/58843" "url": "https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468"
}, },
{ {
"name" : "symphony-sort-sql-injection(83227)", "name": "http://www.getsymphony.com/download/releases/version/2.3.2",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83227" "url": "http://www.getsymphony.com/download/releases/version/2.3.2"
} }
] ]
} }

62
2013/2xxx/CVE-2013-2822.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-2822", "ID": "CVE-2013-2822",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line." "value": "NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01", "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01" "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-352-01"
} }
] ]
} }

74
2013/2xxx/CVE-2013-2993.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-2993", "ID": "CVE-2013-2993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors." "value": "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644391", "name": "JR45302",
"refsource" : "CONFIRM", "refsource": "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644391" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302"
}, },
{ {
"name" : "JR45302", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644391",
"refsource" : "AIXAPAR", "refsource": "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644391"
}, },
{ {
"name" : "websphere-commerce-cve20132993-auth(84031)", "name": "websphere-commerce-cve20132993-auth(84031)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84031" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84031"
} }
] ]
} }

22
2013/6xxx/CVE-2013-6118.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6118", "ID": "CVE-2013-6118",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

86
2013/6xxx/CVE-2013-6316.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-6316", "ID": "CVE-2013-6316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor." "value": "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", "name": "64492",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660011" "url": "http://www.securityfocus.com/bid/64492"
}, },
{ {
"name" : "PI04897", "name": "ibm-wsportal-cve20136316-taxonomy(88597)",
"refsource" : "AIXAPAR", "refsource": "XF",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597"
}, },
{ {
"name" : "64492", "name": "101270",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/64492" "url": "http://osvdb.org/101270"
}, },
{ {
"name" : "101270", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011",
"refsource" : "OSVDB", "refsource": "CONFIRM",
"url" : "http://osvdb.org/101270" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
}, },
{ {
"name" : "ibm-wsportal-cve20136316-taxonomy(88597)", "name": "PI04897",
"refsource" : "XF", "refsource": "AIXAPAR",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897"
} }
] ]
} }

92
2013/6xxx/CVE-2013-6466.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6466", "ID": "CVE-2013-6466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads." "value": "Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt", "name": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt" "url": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt"
}, },
{ {
"name" : "https://cert.vde.com/en-us/advisories/vde-2017-001", "name": "65155",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://cert.vde.com/en-us/advisories/vde-2017-001" "url": "http://www.securityfocus.com/bid/65155"
}, },
{ {
"name" : "DSA-2893", "name": "https://cert.vde.com/en-us/advisories/vde-2017-001",
"refsource" : "DEBIAN", "refsource": "CONFIRM",
"url" : "http://www.debian.org/security/2014/dsa-2893" "url": "https://cert.vde.com/en-us/advisories/vde-2017-001"
}, },
{ {
"name" : "RHSA-2014:0185", "name": "RHSA-2014:0185",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0185.html" "url": "http://rhn.redhat.com/errata/RHSA-2014-0185.html"
}, },
{ {
"name" : "65155", "name": "DSA-2893",
"refsource" : "BID", "refsource": "DEBIAN",
"url" : "http://www.securityfocus.com/bid/65155" "url": "http://www.debian.org/security/2014/dsa-2893"
}, },
{ {
"name" : "openswan-cve20136466-dos(90524)", "name": "openswan-cve20136466-dos(90524)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90524" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90524"
} }
] ]
} }

74
2013/7xxx/CVE-2013-7431.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7431", "ID": "CVE-2013-7431",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!." "value": "Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20150226 Re: CVE request: Joomla Google Maps Plugin", "name": "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "http://www.openwall.com/lists/oss-security/2015/02/26/11" "url": "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html"
}, },
{ {
"name" : "http://securityvulns.ru/docs29645.html", "name": "http://securityvulns.ru/docs29645.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://securityvulns.ru/docs29645.html" "url": "http://securityvulns.ru/docs29645.html"
}, },
{ {
"name" : "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html", "name": "[oss-security] 20150226 Re: CVE request: Joomla Google Maps Plugin",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html" "url": "http://www.openwall.com/lists/oss-security/2015/02/26/11"
} }
] ]
} }

106
2017/10xxx/CVE-2017-10111.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10111", "ID": "CVE-2017-10111",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE: 8u131; Java SE Embedded: 8u131" "version_value": "Java SE: 8u131; Java SE Embedded: 8u131"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "RHSA-2017:1790",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "url": "https://access.redhat.com/errata/RHSA-2017:1790"
}, },
{ {
"name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
}, },
{ {
"name" : "DSA-3919", "name": "RHSA-2017:1789",
"refsource" : "DEBIAN", "refsource": "REDHAT",
"url" : "http://www.debian.org/security/2017/dsa-3919" "url": "https://access.redhat.com/errata/RHSA-2017:1789"
}, },
{ {
"name" : "GLSA-201709-22", "name": "1038931",
"refsource" : "GENTOO", "refsource": "SECTRACK",
"url" : "https://security.gentoo.org/glsa/201709-22" "url": "http://www.securitytracker.com/id/1038931"
}, },
{ {
"name" : "RHSA-2017:1789", "name": "GLSA-201709-22",
"refsource" : "REDHAT", "refsource": "GENTOO",
"url" : "https://access.redhat.com/errata/RHSA-2017:1789" "url": "https://security.gentoo.org/glsa/201709-22"
}, },
{ {
"name" : "RHSA-2017:1790", "name": "99707",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "https://access.redhat.com/errata/RHSA-2017:1790" "url": "http://www.securityfocus.com/bid/99707"
}, },
{ {
"name" : "99707", "name": "DSA-3919",
"refsource" : "BID", "refsource": "DEBIAN",
"url" : "http://www.securityfocus.com/bid/99707" "url": "http://www.debian.org/security/2017/dsa-3919"
}, },
{ {
"name" : "1038931", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1038931" "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
} }
] ]
} }

22
2017/10xxx/CVE-2017-10658.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-10658", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2017-10658",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }

68
2017/10xxx/CVE-2017-10830.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10830", "ID": "CVE-2017-10830",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Setup Tool", "product_name": "Security Setup Tool",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION" "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." "value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Untrusted search path vulnerability" "value": "Untrusted search path vulnerability"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://f-security.jp/v6/support/information/100161.html", "name": "JVN#36303528",
"refsource" : "MISC", "refsource": "JVN",
"url" : "http://f-security.jp/v6/support/information/100161.html" "url": "https://jvn.jp/en/jp/JVN36303528/index.html"
}, },
{ {
"name" : "JVN#36303528", "name": "http://f-security.jp/v6/support/information/100161.html",
"refsource" : "JVN", "refsource": "MISC",
"url" : "https://jvn.jp/en/jp/JVN36303528/index.html" "url": "http://f-security.jp/v6/support/information/100161.html"
} }
] ]
} }

76
2017/14xxx/CVE-2017-14010.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2017-10-19T00:00:00", "DATE_PUBLIC": "2017-10-19T00:00:00",
"ID" : "CVE-2017-14010", "ID": "CVE-2017-14010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MicroBrowser", "product_name": "MicroBrowser",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior." "version_value": "MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SpiderControl" "vendor_name": "SpiderControl"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system." "value": "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://spidercontrol.net/download/downloadarea/?lang=en", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://spidercontrol.net/download/downloadarea/?lang=en" "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01"
}, },
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", "name": "http://spidercontrol.net/download/downloadarea/?lang=en",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01" "url": "http://spidercontrol.net/download/downloadarea/?lang=en"
}, },
{ {
"name" : "101505", "name": "101505",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/101505" "url": "http://www.securityfocus.com/bid/101505"
} }
] ]
} }

22
2017/14xxx/CVE-2017-14234.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14234", "ID": "CVE-2017-14234",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2017/14xxx/CVE-2017-14532.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14532", "ID": "CVE-2017-14532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c." "value": "ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/719", "name": "https://github.com/ImageMagick/ImageMagick/issues/719",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/719" "url": "https://github.com/ImageMagick/ImageMagick/issues/719"
}, },
{ {
"name" : "USN-3681-1", "name": "USN-3681-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/" "url": "https://usn.ubuntu.com/3681-1/"
}, },
{ {
"name" : "100883", "name": "100883",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/100883" "url": "http://www.securityfocus.com/bid/100883"
} }
] ]
} }

74
2017/14xxx/CVE-2017-14634.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14634", "ID": "CVE-2017-14634",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file." "value": "In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "name": "https://github.com/erikd/libsndfile/issues/318",
"refsource" : "MLIST", "refsource": "MISC",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" "url": "https://github.com/erikd/libsndfile/issues/318"
}, },
{ {
"name" : "https://github.com/erikd/libsndfile/issues/318", "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
"refsource" : "MISC", "refsource": "MLIST",
"url" : "https://github.com/erikd/libsndfile/issues/318" "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
}, },
{ {
"name" : "GLSA-201811-23", "name": "GLSA-201811-23",
"refsource" : "GENTOO", "refsource": "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-23" "url": "https://security.gentoo.org/glsa/201811-23"
} }
] ]
} }

70
2017/14xxx/CVE-2017-14889.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00", "DATE_PUBLIC": "2018-03-05T00:00:00",
"ID" : "CVE-2017-14889", "ID": "CVE-2017-14889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler." "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755", "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755" "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755"
}, },
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" "url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
} }
] ]
} }

74
2017/15xxx/CVE-2017-15214.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15214", "ID": "CVE-2017-15214",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php." "value": "Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://openwall.com/lists/oss-security/2017/10/07/1", "name": "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/10/07/1" "url": "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6"
}, },
{ {
"name" : "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc", "name": "http://openwall.com/lists/oss-security/2017/10/07/1",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc" "url": "http://openwall.com/lists/oss-security/2017/10/07/1"
}, },
{ {
"name" : "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6", "name": "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/Flyspray/flyspray/releases/tag/v1.0-rc6" "url": "https://github.com/Flyspray/flyspray/commit/00cfae5661124f9d67ac6733db61b2bfee34dccc"
} }
] ]
} }

62
2017/15xxx/CVE-2017-15220.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15220", "ID": "CVE-2017-15220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code." "value": "Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "42973", "name": "42973",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42973/" "url": "https://www.exploit-db.com/exploits/42973/"
} }
] ]
} }

62
2017/15xxx/CVE-2017-15248.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15248", "ID": "CVE-2017-15248",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6.\"" "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248", "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248" "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15248"
} }
] ]
} }

62
2017/15xxx/CVE-2017-15673.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15673", "ID": "CVE-2017-15673",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page." "value": "The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html", "name": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html" "url": "http://packetstormsecurity.com/files/145096/CSC-Cart-4.6.2-Shell-Upload.html"
} }
] ]
} }

62
2017/15xxx/CVE-2017-15734.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15734", "ID": "CVE-2017-15734",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php." "value": "In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77", "name": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77" "url": "https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77"
} }
] ]
} }

68
2017/9xxx/CVE-2017-9523.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9523", "ID": "CVE-2017-9523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342." "value": "The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html", "name": "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html" "url": "http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html"
}, },
{ {
"name" : "99016", "name": "99016",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/99016" "url": "http://www.securityfocus.com/bid/99016"
} }
] ]
} }

70
2017/9xxx/CVE-2017-9682.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-06-01T00:00:00", "DATE_PUBLIC": "2017-06-01T00:00:00",
"ID" : "CVE-2017-9682", "ID": "CVE-2017-9682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "All Qualcomm products", "product_name": "All Qualcomm products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition." "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Use After Free in Graphics" "value": "Use After Free in Graphics"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2017-06-01", "name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01" "url": "https://source.android.com/security/bulletin/2017-06-01"
}, },
{ {
"name" : "100213", "name": "100213",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/100213" "url": "http://www.securityfocus.com/bid/100213"
} }
] ]
} }

68
2018/0xxx/CVE-2018-0271.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0271", "ID": "CVE-2018-0271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Digital Network Architecture Center", "product_name": "Cisco Digital Network Architecture Center",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Digital Network Architecture Center" "version_value": "Cisco Digital Network Architecture Center"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394." "value": "A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center. This vulnerability affects Cisco DNA Center Software Releases prior to 1.1.2. Cisco Bug IDs: CSCvi09394."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-287" "value": "CWE-287"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2", "name": "104191",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2" "url": "http://www.securityfocus.com/bid/104191"
}, },
{ {
"name" : "104191", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/104191" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2"
} }
] ]
} }

88
2018/0xxx/CVE-2018-0425.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-05T16:00:00-0500", "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID" : "CVE-2018-0425", "ID": "CVE-2018-0425",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability" "TITLE": "Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ", "product_name": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials." "value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : { "cvss": {
"baseScore" : "7.5", "baseScore": "7.5",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-200" "value": "CWE-200"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability", "name": "20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure"
}, },
{ {
"name" : "1041676", "name": "1041676",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041676" "url": "http://www.securitytracker.com/id/1041676"
} }
] ]
}, },
"source" : { "source": {
"advisory" : "cisco-sa-20180905-rv-routers-disclosure", "advisory": "cisco-sa-20180905-rv-routers-disclosure",
"defect" : [ "defect": [
[ [
"CSCvj23227", "CSCvj23227",
"CSCvj42744", "CSCvj42744",
"CSCvj42746" "CSCvj42746"
] ]
], ],
"discovery" : "UNKNOWN" "discovery": "UNKNOWN"
} }
} }

88
2018/0xxx/CVE-2018-0481.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-26T16:00:00-0500", "DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID" : "CVE-2018-0481", "ID": "CVE-2018-0481",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco IOS XE Software Command Injection Vulnerabilities" "TITLE": "Cisco IOS XE Software Command Injection Vulnerabilities"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XE Software", "product_name": "Cisco IOS XE Software",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device." "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : { "cvss": {
"baseScore" : "6.7", "baseScore": "6.7",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-77" "value": "CWE-77"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20180926 Cisco IOS XE Software Command Injection Vulnerabilities", "name": "20180926 Cisco IOS XE Software Command Injection Vulnerabilities",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj"
}, },
{ {
"name" : "1041737", "name": "1041737",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041737" "url": "http://www.securitytracker.com/id/1041737"
} }
] ]
}, },
"source" : { "source": {
"advisory" : "cisco-sa-20180926-iosxe-cmdinj", "advisory": "cisco-sa-20180926-iosxe-cmdinj",
"defect" : [ "defect": [
[ [
"CSCvh02919", "CSCvh02919",
"CSCvh54202" "CSCvh54202"
] ]
], ],
"discovery" : "UNKNOWN" "discovery": "UNKNOWN"
} }
} }

68
2018/0xxx/CVE-2018-0523.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0523", "ID": "CVE-2018-0523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WXR-1900DHP2", "product_name": "WXR-1900DHP2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware Ver.2.48 and earlier" "version_value": "firmware Ver.2.48 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "BUFFALO INC." "vendor_name": "BUFFALO INC."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors." "value": "Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "OS Command Injection" "value": "OS Command Injection"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://buffalo.jp/support_s/s20180223.html", "name": "http://buffalo.jp/support_s/s20180223.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://buffalo.jp/support_s/s20180223.html" "url": "http://buffalo.jp/support_s/s20180223.html"
}, },
{ {
"name" : "JVN#97144273", "name": "JVN#97144273",
"refsource" : "JVN", "refsource": "JVN",
"url" : "https://jvn.jp/en/jp/JVN97144273/index.html" "url": "https://jvn.jp/en/jp/JVN97144273/index.html"
} }
] ]
} }

74
2018/0xxx/CVE-2018-0687.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0687", "ID": "CVE-2018-0687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)", "product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier" "version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NEOJAPAN Inc." "vendor_name": "NEOJAPAN Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." "value": "Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting" "value": "Cross-site scripting"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.denbun.com/en/imap/support/security/181003.html", "name": "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.denbun.com/en/imap/support/security/181003.html" "url": "https://www.denbun.com/en/pop/support/security/181003.html"
}, },
{ {
"name" : "https://www.denbun.com/en/pop/support/security/181003.html", "name": "JVN#00344155",
"refsource" : "MISC", "refsource": "JVN",
"url" : "https://www.denbun.com/en/pop/support/security/181003.html" "url": "http://jvn.jp/en/jp/JVN00344155/index.html"
}, },
{ {
"name" : "JVN#00344155", "name": "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource" : "JVN", "refsource": "MISC",
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html" "url": "https://www.denbun.com/en/imap/support/security/181003.html"
} }
] ]
} }

76
2018/0xxx/CVE-2018-0902.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00", "DATE_PUBLIC": "2018-03-14T00:00:00",
"ID" : "CVE-2018-0902", "ID": "CVE-2018-0902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cryptography Next Generation (CNG) kernel-mode driver (cng.sys)", "product_name": "Cryptography Next Generation (CNG) kernel-mode driver (cng.sys)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709" "version_value": "Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka \"Windows Security Feature Bypass Vulnerability\". This CVE is unique from CVE-2018-0884." "value": "The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka \"Windows Security Feature Bypass Vulnerability\". This CVE is unique from CVE-2018-0884."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Security Feature Bypass" "value": "Security Feature Bypass"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902"
}, },
{ {
"name" : "103266", "name": "103266",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103266" "url": "http://www.securityfocus.com/bid/103266"
}, },
{ {
"name" : "1040520", "name": "1040520",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040520" "url": "http://www.securitytracker.com/id/1040520"
} }
] ]
} }

66
2018/1000xxx/CVE-2018-1000151.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-04-05", "DATE_ASSIGNED": "2018-04-05",
"ID" : "CVE-2018-1000151", "ID": "CVE-2018-1000151",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins vSphere Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.16 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default." "value": "A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-295" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504", "name": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504" "url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504"
} }
] ]
} }

22
2018/16xxx/CVE-2018-16100.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-16100", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2018-16100",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }

62
2018/16xxx/CVE-2018-16115.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16115", "ID": "CVE-2018-16115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster." "value": "Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html", "name": "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html" "url": "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html"
} }
] ]
} }

62
2018/16xxx/CVE-2018-16455.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16455", "ID": "CVE-2018-16455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword." "value": "PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/", "name": "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/" "url": "https://googlequeens.com/2018/09/04/cve-2018-16455-market-place-script-1-0-1-stored-xss-via-search-by-keyword/"
} }
] ]
} }

146
2018/16xxx/CVE-2018-16509.json
View File

@ -1,131 +1,131 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16509", "ID": "CVE-2018-16509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction." "value": "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "45369", "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5",
"refsource" : "EXPLOIT-DB", "refsource": "MISC",
"url" : "https://www.exploit-db.com/exploits/45369/" "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5"
}, },
{ {
"name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", "name": "45369",
"refsource" : "MLIST", "refsource": "EXPLOIT-DB",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" "url": "https://www.exploit-db.com/exploits/45369/"
}, },
{ {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5", "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699654",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5" "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699654"
}, },
{ {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156", "name": "RHSA-2018:2918",
"refsource" : "MISC", "refsource": "REDHAT",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156" "url": "https://access.redhat.com/errata/RHSA-2018:2918"
}, },
{ {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31", "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31" "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31"
}, },
{ {
"name" : "http://seclists.org/oss-sec/2018/q3/142", "name": "GLSA-201811-12",
"refsource" : "MISC", "refsource": "GENTOO",
"url" : "http://seclists.org/oss-sec/2018/q3/142" "url": "https://security.gentoo.org/glsa/201811-12"
}, },
{ {
"name" : "https://www.artifex.com/news/ghostscript-security-resolved/", "name": "USN-3768-1",
"refsource" : "MISC", "refsource": "UBUNTU",
"url" : "https://www.artifex.com/news/ghostscript-security-resolved/" "url": "https://usn.ubuntu.com/3768-1/"
}, },
{ {
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699654", "name": "https://www.artifex.com/news/ghostscript-security-resolved/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699654" "url": "https://www.artifex.com/news/ghostscript-security-resolved/"
}, },
{ {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764", "name": "RHSA-2018:3760",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764" "url": "https://access.redhat.com/errata/RHSA-2018:3760"
}, },
{ {
"name" : "DSA-4294", "name": "http://seclists.org/oss-sec/2018/q3/142",
"refsource" : "DEBIAN", "refsource": "MISC",
"url" : "https://www.debian.org/security/2018/dsa-4294" "url": "http://seclists.org/oss-sec/2018/q3/142"
}, },
{ {
"name" : "GLSA-201811-12", "name": "DSA-4294",
"refsource" : "GENTOO", "refsource": "DEBIAN",
"url" : "https://security.gentoo.org/glsa/201811-12" "url": "https://www.debian.org/security/2018/dsa-4294"
}, },
{ {
"name" : "RHSA-2018:2918", "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource" : "REDHAT", "refsource": "MLIST",
"url" : "https://access.redhat.com/errata/RHSA-2018:2918" "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
}, },
{ {
"name" : "RHSA-2018:3760", "name": "105122",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "https://access.redhat.com/errata/RHSA-2018:3760" "url": "http://www.securityfocus.com/bid/105122"
}, },
{ {
"name" : "USN-3768-1", "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156",
"refsource" : "UBUNTU", "refsource": "MISC",
"url" : "https://usn.ubuntu.com/3768-1/" "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156"
}, },
{ {
"name" : "105122", "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/105122" "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=520bb0ea7519aa3e79db78aaf0589dae02103764"
} }
] ]
} }

22
2018/19xxx/CVE-2018-19912.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19912", "ID": "CVE-2018-19912",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/4xxx/CVE-2018-4795.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4795", "ID": "CVE-2018-4795",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2018/4xxx/CVE-2018-4868.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4868", "ID": "CVE-2018-4868",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file." "value": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/Exiv2/exiv2/issues/202", "name": "https://github.com/Exiv2/exiv2/issues/202",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/Exiv2/exiv2/issues/202" "url": "https://github.com/Exiv2/exiv2/issues/202"
}, },
{ {
"name" : "102477", "name": "102477",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/102477" "url": "http://www.securityfocus.com/bid/102477"
} }
] ]
} }

22
2018/558xxx/CVE-2018-558213.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-558213", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2018-558213",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }