admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:57:27 +00:00
parent e154f9720e
commit 8b34dd9ed3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3771 additions and 3771 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2001/0xxx/CVE-2001-0128.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0128", "ID": "CVE-2001-0128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MDKSA-2000-083", "description_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3" "lang": "eng",
}, "value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
{ }
"name" : "CLA-2000:365", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2000:127", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2000-127.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-006-1", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2000/20001219" ]
}, },
{ "references": {
"name" : "FreeBSD-SA-01:06", "reference_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc" "name": "6284",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/6284"
"name" : "zope-calculate-roles(5777)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777" "name": "RHSA-2000:127",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
"name" : "6284", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6284" "name": "zope-calculate-roles(5777)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
} },
} {
"name": "MDKSA-2000-083",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
},
{
"name": "FreeBSD-SA-01:06",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
},
{
"name": "CLA-2000:365",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365"
},
{
"name": "DSA-006-1",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20001219"
}
]
}
}

150
2001/0xxx/CVE-2001-0143.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0143", "ID": "CVE-2001-0143",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010110 Immunix OS Security update for lots of temp file problems", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" "lang": "eng",
}, "value": "vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack."
{ }
"name" : "MDKSA-2001:011", ]
"refsource" : "MANDRAKE", },
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2186", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2186" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "linuxconf-vpop3d-symlink(5923)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5923" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20010110 Immunix OS Security update for lots of temp file problems",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2"
},
{
"name": "linuxconf-vpop3d-symlink(5923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5923"
},
{
"name": "MDKSA-2001:011",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3"
},
{
"name": "2186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2186"
}
]
}
}

120
2001/0xxx/CVE-2001-0220.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0220", "ID": "CVE-2001-0220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-01:21", "description_data": [
"refsource" : "FREEBSD", {
"url" : "http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html" "lang": "eng",
} "value": "Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-01:21",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html"
}
]
}
}

130
2001/0xxx/CVE-2001-0432.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0432", "ID": "CVE-2001-0432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010413 Trend Micro Interscan VirusWall 3.01 vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html" "lang": "eng",
}, "value": "Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands."
{ }
"name" : "2579", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2579" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2579"
},
{
"name": "20010413 Trend Micro Interscan VirusWall 3.01 vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0547.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0547", "ID": "CVE-2001-0547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS01-045", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045" "lang": "eng",
}, "value": "Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion)."
{ }
"name" : "isa-proxy-memory-leak-dos(6990)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6990" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3197", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3197" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS01-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045"
},
{
"name": "3197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3197"
},
{
"name": "isa-proxy-memory-leak-dos(6990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6990"
}
]
}
}

140
2001/0xxx/CVE-2001-0931.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0931", "ID": "CVE-2001-0931",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011128 PowerFTP-server-Bugs&Exploits-Remotes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=100698397818175&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET."
{ }
"name" : "powerftp-dot-directory-traversal(7615)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7615" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3593", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3593" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "powerftp-dot-directory-traversal(7615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7615"
},
{
"name": "3593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3593"
},
{
"name": "20011128 PowerFTP-server-Bugs&Exploits-Remotes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100698397818175&w=2"
}
]
}
}

140
2001/1xxx/CVE-2001-1272.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1272", "ID": "CVE-2001-1272",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-092", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2001/dsa-092" "lang": "eng",
}, "value": "wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option."
{ }
"name" : "wmtv-execute-commands(7669)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/7669.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3658", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3658" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "3658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3658"
},
{
"name": "DSA-092",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-092"
},
{
"name": "wmtv-execute-commands(7669)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7669.php"
}
]
}
}

230
2008/1xxx/CVE-2008-1091.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-1091", "ID": "CVE-2008-1091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080513 ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492020/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\""
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-023", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBST02336", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT080071", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" ]
}, },
{ "references": {
"name" : "MS08-026", "reference_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026" "name": "20080513 ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/492020/100/0/threaded"
"name" : "TA08-134A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-134A.html" "name": "MS08-026",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026"
"name" : "VU#543907", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/543907" "name": "29104",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29104"
"name" : "29104", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29104" "name": "VU#543907",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/543907"
"name" : "oval:org.mitre.oval:def:5494", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494" "name": "ADV-2008-1504",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1504/references"
"name" : "ADV-2008-1504", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1504/references" "name": "oval:org.mitre.oval:def:5494",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494"
"name" : "1020013", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020013" "name": "1020013",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020013"
"name" : "30143", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30143" "name": "SSRT080071",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
} },
} {
"name": "30143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30143"
},
{
"name": "TA08-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-023",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-023"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
}
]
}
}

130
2008/1xxx/CVE-2008-1513.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1513", "ID": "CVE-2008-1513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5239", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5239" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
{ }
"name" : "cmsdanneo-index-sql-injection(41153)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41153" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5239",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5239"
},
{
"name": "cmsdanneo-index-sql-injection(41153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41153"
}
]
}
}

150
2008/1xxx/CVE-2008-1939.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1939", "ID": "CVE-2008-1939",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5475", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5475" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920."
{ }
"name" : "28871", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28871" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1340", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1340/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "philboard-philboardreply-sql-injection(41957)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41957" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5475",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5475"
},
{
"name": "28871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28871"
},
{
"name": "ADV-2008-1340",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1340/references"
},
{
"name": "philboard-philboardreply-sql-injection(41957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41957"
}
]
}
}

170
2008/5xxx/CVE-2008-5190.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5190", "ID": "CVE-2008-5190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5970", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5970" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter."
{ }
"name" : "30002", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30002" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30712", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30712" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4619", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4619" ]
}, },
{ "references": {
"name" : "ADV-2008-1971", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1971/references" "name": "ADV-2008-1971",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1971/references"
"name" : "eshop100-index-sql-injection(43452)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43452" "name": "eshop100-index-sql-injection(43452)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43452"
} },
} {
"name": "30712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30712"
},
{
"name": "30002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30002"
},
{
"name": "5970",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5970"
},
{
"name": "4619",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4619"
}
]
}
}

140
2008/5xxx/CVE-2008-5205.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5205", "ID": "CVE-2008-5205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080626 WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493710/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action."
{ }
"name" : "4645", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4645" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "wellyblog-edit-xss(43433)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43433" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4645",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4645"
},
{
"name": "20080626 WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493710/100/0/threaded"
},
{
"name": "wellyblog-edit-xss(43433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43433"
}
]
}
}

160
2008/5xxx/CVE-2008-5232.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5232", "ID": "CVE-2008-5232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt" "lang": "eng",
}, "value": "Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30814", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30814" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020733", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1020733" ]
}, },
{ "references": {
"name" : "windowsmediaservices-callhtmlhelp-bo(44629)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44629" "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt",
} "refsource": "MISC",
] "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/30814.html.txt"
} },
} {
"name": "windowsmediaservices-callhtmlhelp-bo(44629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44629"
},
{
"name": "30814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30814"
},
{
"name": "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0808-exploits/wms-overflow.txt"
},
{
"name": "1020733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020733"
}
]
}
}

170
2008/5xxx/CVE-2008-5306.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5306", "ID": "CVE-2008-5306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7200", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7200" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information."
{ }
"name" : "32429", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32429" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-3239", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3239" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32841", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32841" ]
}, },
{ "references": {
"name" : "4674", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4674" "name": "32841",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32841"
"name" : "realestatesolution-index-sql-injection(46792)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46792" "name": "realestatesolution-index-sql-injection(46792)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46792"
} },
} {
"name": "7200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7200"
},
{
"name": "32429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32429"
},
{
"name": "4674",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4674"
},
{
"name": "ADV-2008-3239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3239"
}
]
}
}

34
2008/5xxx/CVE-2008-5472.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-5472", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-5472",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }

160
2008/5xxx/CVE-2008-5965.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5965", "ID": "CVE-2008-5965",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6737", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6737" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter."
{ }
"name" : "31730", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31730" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30472", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30472" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2798", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2798" ]
}, },
{ "references": {
"name" : "lokicms-index-directory-traversal(45822)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45822" "name": "6737",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6737"
} },
} {
"name": "ADV-2008-2798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2798"
},
{
"name": "31730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31730"
},
{
"name": "30472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30472"
},
{
"name": "lokicms-index-directory-traversal(45822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45822"
}
]
}
}

150
2011/2xxx/CVE-2011-2759.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2759", "ID": "CVE-2011-2759",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165" "lang": "eng",
}, "value": "The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24030320", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24030320" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IO14165", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO14165" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ibm-tds-idswebapp-info-disc(68585)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68585" ]
} },
] "references": {
} "reference_data": [
} {
"name": "IO14165",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO14165"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24030320",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24030320"
},
{
"name": "ibm-tds-idswebapp-info-disc(68585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68585"
},
{
"name": "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165"
}
]
}
}

140
2013/0xxx/CVE-2013-0076.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-0076", "ID": "CVE-2013-0076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"Reference Count Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-019", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-019" "lang": "eng",
}, "value": "The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"Reference Count Vulnerability.\""
{ }
"name" : "TA13-043B", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16478", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16478" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-019"
},
{
"name": "TA13-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
},
{
"name": "oval:org.mitre.oval:def:16478",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16478"
}
]
}
}

34
2013/0xxx/CVE-2013-0119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0119", "ID": "CVE-2013-0119",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2013/0xxx/CVE-2013-0232.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0232", "ID": "CVE-2013-0232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "24310", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/24310" "lang": "eng",
}, "value": "includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function."
{ }
"name" : "[oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/01/28/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910", "description": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/", ]
"refsource" : "MISC", }
"url" : "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/" ]
}, },
{ "references": {
"name" : "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771" "name": "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/",
}, "refsource": "MISC",
{ "url": "http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/"
"name" : "DSA-2640", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2640" "name": "[oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/01/28/2"
"name" : "89529", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/89529" "name": "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771",
} "refsource": "MISC",
] "url": "http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771"
} },
} {
"name": "DSA-2640",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2640"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910"
},
{
"name": "24310",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24310"
},
{
"name": "89529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/89529"
}
]
}
}

150
2013/0xxx/CVE-2013-0832.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0832", "ID": "CVE-2013-0832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=160380", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=160380" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:0236", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:16310", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16310" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://code.google.com/p/chromium/issues/detail?id=160380",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=160380"
},
{
"name": "openSUSE-SU-2013:0236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:16310",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16310"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
}
]
}
}

150
2013/0xxx/CVE-2013-0893.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0893", "ID": "CVE-2013-0893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" "lang": "eng",
}, "value": "Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=168570", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=168570" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:0454", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15682", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15682" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html"
},
{
"name": "oval:org.mitre.oval:def:15682",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15682"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=168570",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=168570"
},
{
"name": "openSUSE-SU-2013:0454",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html"
}
]
}
}

130
2013/0xxx/CVE-2013-0929.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2013-0929", "ID": "CVE-2013-0929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html" "lang": "eng",
}, "value": "Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command."
{ }
"name" : "57472", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/57472" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html"
},
{
"name": "57472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57472"
}
]
}
}

34
2013/1xxx/CVE-2013-1592.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1592", "ID": "CVE-2013-1592",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

270
2013/1xxx/CVE-2013-1808.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1808", "ID": "CVE-2013-1808",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130218 XSS vulnerabilities in ZeroClipboard", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Feb/103" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed."
{ }
"name" : "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2013/Feb/109" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Mar/5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress", ]
"refsource" : "FULLDISC", }
"url" : "http://seclists.org/fulldisclosure/2013/Apr/88" ]
}, },
{ "references": {
"name" : "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress", "reference_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Apr/87" "name": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
"name" : "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/03/3" "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
}, "refsource": "CONFIRM",
{ "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
"name" : "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/10/2" "name": "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
"name" : "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/25/1" "name": "20130218 XSS vulnerabilities in ZeroClipboard",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Feb/103"
"name" : "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/26/8" "name": "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Feb/109"
"name" : "http://securityvulns.ru/docs29103.html", },
"refsource" : "MISC", {
"url" : "http://securityvulns.ru/docs29103.html" "name": "http://securityvulns.ru/docs29105.html",
}, "refsource": "MISC",
{ "url": "http://securityvulns.ru/docs29105.html"
"name" : "http://securityvulns.ru/docs29104.html", },
"refsource" : "MISC", {
"url" : "http://securityvulns.ru/docs29104.html" "name": "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
"name" : "http://securityvulns.ru/docs29105.html", },
"refsource" : "MISC", {
"url" : "http://securityvulns.ru/docs29105.html" "name": "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Mar/5"
"name" : "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108" "name": "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Apr/87"
"name" : "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696" "name": "http://securityvulns.ru/docs29103.html",
}, "refsource": "MISC",
{ "url": "http://securityvulns.ru/docs29103.html"
"name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb", },
"refsource" : "CONFIRM", {
"url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb" "name": "http://securityvulns.ru/docs29104.html",
}, "refsource": "MISC",
{ "url": "http://securityvulns.ru/docs29104.html"
"name" : "58257", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58257" "name": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108",
} "refsource": "CONFIRM",
] "url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
} },
} {
"name": "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
},
{
"name": "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/88"
},
{
"name": "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
},
{
"name": "58257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58257"
}
]
}
}

130
2013/3xxx/CVE-2013-3066.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3066", "ID": "CVE-2013-3066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" "lang": "eng",
}, "value": "Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/."
{ }
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php", ]
"refsource" : "MISC", },
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php"
}
]
}
}

140
2013/3xxx/CVE-2013-3138.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3138", "ID": "CVE-2013-3138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka \"TCP/IP Integer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-049", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-049" "lang": "eng",
}, "value": "Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka \"TCP/IP Integer Overflow Vulnerability.\""
{ }
"name" : "TA13-168A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16943", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16943" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-049",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-049"
},
{
"name": "TA13-168A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"
},
{
"name": "oval:org.mitre.oval:def:16943",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16943"
}
]
}
}

34
2013/3xxx/CVE-2013-3298.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3298", "ID": "CVE-2013-3298",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/3xxx/CVE-2013-3307.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3307", "ID": "CVE-2013-3307",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/3xxx/CVE-2013-3939.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3939", "ID": "CVE-2013-3939",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2013/4xxx/CVE-2013-4138.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4138", "ID": "CVE-2013-4138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130717 Re: CVE request for Drupal contrib modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/07/17/1" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the \"Administer content,\" \"Create new article,\" or \"Edit any article type content\" permission to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "https://drupal.org/node/2038363", ]
"refsource" : "MISC", },
"url" : "https://drupal.org/node/2038363" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://drupal.org/node/2038189", "description": [
"refsource" : "CONFIRM", {
"url" : "https://drupal.org/node/2038189" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/2038363",
"refsource": "MISC",
"url": "https://drupal.org/node/2038363"
},
{
"name": "https://drupal.org/node/2038189",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2038189"
},
{
"name": "[oss-security] 20130717 Re: CVE request for Drupal contrib modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/17/1"
}
]
}
}

130
2013/4xxx/CVE-2013-4481.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4481", "ID": "CVE-2013-4481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=988998", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=988998" "lang": "eng",
}, "value": "Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as \"authentication secrets.\""
{ }
"name" : "RHSA-2013:1603", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1603.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1603",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1603.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=988998",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=988998"
}
]
}
}

34
2013/4xxx/CVE-2013-4770.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4770", "ID": "CVE-2013-4770",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2013/4xxx/CVE-2013-4936.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4936", "ID": "CVE-2013-4936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651" "lang": "eng",
}, "value": "The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904" ]
}, },
{ "references": {
"name" : "https://www.wireshark.org/security/wnpa-sec-2013-53.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2013-53.html" "name": "https://www.wireshark.org/security/wnpa-sec-2013-53.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.wireshark.org/security/wnpa-sec-2013-53.html"
"name" : "GLSA-201308-05", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50651"
"name" : "oval:org.mitre.oval:def:16971", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16971" "name": "54425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54425"
"name" : "54296", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54296" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html"
"name" : "54425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54425" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904",
} "refsource": "CONFIRM",
] "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8904"
} },
} {
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "oval:org.mitre.oval:def:16971",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16971"
},
{
"name": "54296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54296"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-pn-rt.c?r1=50651&r2=50650&pathrev=50651"
}
]
}
}

122
2017/12xxx/CVE-2017-12083.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-31T00:00:00", "DATE_PUBLIC": "2017-10-31T00:00:00",
"ID" : "CVE-2017-12083", "ID": "CVE-2017-12083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Circle", "product_name": "Circle",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware 2.0.1" "version_value": "firmware 2.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Circle Media" "vendor_name": "Circle Media"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435" "lang": "eng",
} "value": "An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435"
}
]
}
}

172
2017/12xxx/CVE-2017-12189.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2017-10-09T00:00:00", "DATE_PUBLIC": "2017-10-09T00:00:00",
"ID" : "CVE-2017-12189", "ID": "CVE-2017-12189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Red Hat JBoss Enterprise Application Platform", "product_name": "Red Hat JBoss Enterprise Application Platform",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.0.7.GA" "version_value": "7.0.7.GA"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat, Inc." "vendor_name": "Red Hat, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-282"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189" "lang": "eng",
}, "value": "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656."
{ }
"name" : "RHSA-2018:0002", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:0002" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:0003", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0003" "lang": "eng",
}, "value": "CWE-282"
{ }
"name" : "RHSA-2018:0004", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:0004" ]
}, },
{ "references": {
"name" : "RHSA-2018:0005", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0005" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189"
"name" : "102407", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102407" "name": "RHSA-2018:0002",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:0002"
} },
} {
"name": "RHSA-2018:0004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0004"
},
{
"name": "RHSA-2018:0003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0003"
},
{
"name": "RHSA-2018:0005",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0005"
},
{
"name": "102407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102407"
}
]
}
}

34
2017/12xxx/CVE-2017-12397.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12397", "ID": "CVE-2017-12397",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/12xxx/CVE-2017-12784.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12784", "ID": "CVE-2017-12784",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view", "description_data": [
"refsource" : "MISC", {
"url" : "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view" "lang": "eng",
} "value": "In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/0B9DojFnTUSNGcG1WN2Q1eVZMQTg/view"
}
]
}
}

200
2017/13xxx/CVE-2017-13000.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13000", "ID": "CVE-2017-13000",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tcpdump.org/tcpdump-changes.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tcpdump.org/tcpdump-changes.txt" "lang": "eng",
}, "value": "The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print()."
{ }
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT208221", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "name": "GLSA-201709-23",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-23"
"name" : "DSA-3971", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3971" "name": "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/the-tcpdump-group/tcpdump/commit/8512734883227c11568bb35da1d48b9f8466f43f"
"name" : "GLSA-201709-23", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-23" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "RHEA-2018:0705", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" "name": "DSA-3971",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3971"
"name" : "1039307", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039307" "name": "https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184",
} "refsource": "CONFIRM",
] "url": "https://github.com/the-tcpdump-group/tcpdump/commit/a7e5f58f402e6919ec444a57946bade7dfd6b184"
} },
} {
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/9be4e0b5938b705e7e36cfcb110a740c6ff0cb97"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

34
2017/13xxx/CVE-2017-13417.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13417", "ID": "CVE-2017-13417",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13531.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13531", "ID": "CVE-2017-13531",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2017/13xxx/CVE-2017-13884.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-13884", "ID": "CVE-2017-13884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208324", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208324" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT208325", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208325" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208326", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208326" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208327", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208327" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT208328", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208328" "name": "https://support.apple.com/HT208327",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208327"
"name" : "https://support.apple.com/HT208334", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208334" "name": "https://support.apple.com/HT208325",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208325"
"name" : "USN-3551-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3551-1/" "name": "https://support.apple.com/HT208334",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT208334"
} },
} {
"name": "https://support.apple.com/HT208324",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208324"
},
{
"name": "https://support.apple.com/HT208326",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208326"
},
{
"name": "USN-3551-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3551-1/"
},
{
"name": "https://support.apple.com/HT208328",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208328"
}
]
}
}

34
2017/16xxx/CVE-2017-16469.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16469", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16469",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

200
2017/16xxx/CVE-2017-16645.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16645", "ID": "CVE-2017-16645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a" "lang": "eng",
}, "value": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device."
{ }
"name" : "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ", ]
"refsource" : "MISC", },
"url" : "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3617-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3617-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3617-2", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3617-2/" ]
}, },
{ "references": {
"name" : "USN-3617-3", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3617-3/" "name": "USN-3617-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3617-1/"
"name" : "USN-3619-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3619-1/" "name": "USN-3619-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3619-2/"
"name" : "USN-3619-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3619-2/" "name": "USN-3617-3",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3617-3/"
"name" : "USN-3754-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3754-1/" "name": "USN-3754-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3754-1/"
"name" : "101768", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101768" "name": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a",
} "refsource": "MISC",
] "url": "https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a"
} },
} {
"name": "101768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101768"
},
{
"name": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ"
},
{
"name": "USN-3617-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
}
]
}
}

132
2017/16xxx/CVE-2017-16744.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-16T00:00:00", "DATE_PUBLIC": "2018-08-16T00:00:00",
"ID" : "CVE-2017-16744", "ID": "CVE-2017-16744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Niagara AX Framework and Niagara 4 Framework", "product_name": "Niagara AX Framework and Niagara 4 Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior" "version_value": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03" "lang": "eng",
}, "value": "A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials."
{ }
"name" : "105101", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105101" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105101"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03"
}
]
}
}

120
2017/16xxx/CVE-2017-16866.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16866", "ID": "CVE-2017-16866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50" "lang": "eng",
} "value": "dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50",
"refsource": "CONFIRM",
"url": "https://gitee.com/dayrui/finecms/commit/09d4f3c1a1b8598ce8967e158b16b9fe44936c50"
}
]
}
}

34
2017/16xxx/CVE-2017-16980.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16980", "ID": "CVE-2017-16980",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/17xxx/CVE-2017-17159.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17159", "ID": "CVE-2017-17159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MT8-EMUI4.1,NTS-AL00", "product_name": "MT8-EMUI4.1,NTS-AL00",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535" "version_value": "NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01,NTS-AL00C00B535"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en" "lang": "eng",
} "value": "Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-smartphone-en"
}
]
}
}

150
2017/17xxx/CVE-2017-17427.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17427", "ID": "CVE-2017-17427",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://robotattack.org/", "description_data": [
"refsource" : "MISC", {
"url" : "https://robotattack.org/" "lang": "eng",
}, "value": "Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack (\"Bleichenbacher attack\"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations."
{ }
"name" : "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability", ]
"refsource" : "CONFIRM", },
"url" : "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#144389", "description": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/144389" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102199", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/102199" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://robotattack.org/",
"refsource": "MISC",
"url": "https://robotattack.org/"
},
{
"name": "102199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102199"
},
{
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"name": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability",
"refsource": "CONFIRM",
"url": "https://support.radware.com/app/answers/answer_view/a_id/1010361/~/cve-2017-17427-adaptive-chosen-ciphertext-attack-vulnerability"
}
]
}
}

130
2017/17xxx/CVE-2017-17602.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17602", "ID": "CVE-2017-17602",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43263", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43263/" "lang": "eng",
}, "value": "Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter."
{ }
"name" : "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145299/Advance-B2B-Script-2.1.3-SQL-Injection.html"
},
{
"name": "43263",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43263/"
}
]
}
}

130
2018/18xxx/CVE-2018-18005.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18005", "ID": "CVE-2018-18005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244" "lang": "eng",
}, "value": "Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter."
{ }
"name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf"
}
]
}
}

34
2018/18xxx/CVE-2018-18119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18119", "ID": "CVE-2018-18119",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2018/18xxx/CVE-2018-18344.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-18344", "ID": "CVE-2018-18344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/866426", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/866426" "lang": "eng",
}, "value": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension."
{ }
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4352", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4352" "lang": "eng",
}, "value": "Inappropriate implementation"
{ }
"name" : "RHSA-2018:3803", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3803" ]
}, },
{ "references": {
"name" : "106084", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106084" "name": "https://crbug.com/866426",
} "refsource": "MISC",
] "url": "https://crbug.com/866426"
} },
} {
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
}
]
}
}

120
2018/18xxx/CVE-2018-18701.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18701", "ID": "CVE-2018-18701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675", "description_data": [
"refsource" : "MISC", {
"url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675" "lang": "eng",
} "value": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675",
"refsource": "MISC",
"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675"
}
]
}
}

150
2018/19xxx/CVE-2018-19296.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19296", "ID": "CVE-2018-19296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181228 [SECURITY] [DLA 1591-2] libphp-phpmailer regression update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html" "lang": "eng",
}, "value": "PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack."
{ }
"name" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27", ]
"refsource" : "MISC", },
"url" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4351", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4351" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27",
"refsource": "MISC",
"url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27"
},
{
"name": "[debian-lts-announce] 20181228 [SECURITY] [DLA 1591-2] libphp-phpmailer regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00020.html"
},
{
"name": "DSA-4351",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4351"
},
{
"name": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6",
"refsource": "MISC",
"url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6"
}
]
}
}

278
2018/1xxx/CVE-2018-1061.json
View File

@ -1,141 +1,141 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sfowler@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-1061", "ID": "CVE-2018-1061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "python", "product_name": "python",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "python 2.7.15" "version_value": "python 2.7.15"
}, },
{ {
"version_value" : "python 3.4.9" "version_value": "python 3.4.9"
}, },
{ {
"version_value" : "python 3.5.6" "version_value": "python 3.5.6"
}, },
{ {
"version_value" : "python 3.7.0" "version_value": "python 3.7.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" "lang": "eng",
}, "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service."
{ }
"name" : "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html" "impact": {
}, "cvss": [
{ [
"name" : "https://bugs.python.org/issue32981", {
"refsource" : "CONFIRM", "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"url" : "https://bugs.python.org/issue32981" "version": "3.0"
}, }
{ ]
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", "description": [
"refsource" : "CONFIRM", {
"url" : "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1" "lang": "eng",
}, "value": "CWE-20"
{ }
"name" : "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", ]
"refsource" : "CONFIRM", }
"url" : "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1" ]
}, },
{ "references": {
"name" : "DSA-4306", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4306" "name": "DSA-4306",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4306"
"name" : "DSA-4307", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4307" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061"
"name" : "RHSA-2018:3041", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3041" "name": "1042001",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1042001"
"name" : "RHSA-2018:3505", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3505" "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
"name" : "USN-3817-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3817-1/" "name": "https://bugs.python.org/issue32981",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.python.org/issue32981"
"name" : "USN-3817-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3817-2/" "name": "USN-3817-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3817-2/"
"name" : "1042001", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1042001" "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
} "refsource": "CONFIRM",
] "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
} },
} {
"name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
"refsource": "CONFIRM",
"url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "RHSA-2018:3041",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3041"
},
{
"name": "DSA-4307",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4307"
},
{
"name": "USN-3817-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3817-1/"
},
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
}
]
}
}

162
2018/1xxx/CVE-2018-1106.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2018-04-23T00:00:00", "DATE_PUBLIC": "2018-04-23T00:00:00",
"ID" : "CVE-2018-1106", "ID": "CVE-2018-1106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PackageKit", "product_name": "PackageKit",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 1.1.10" "version_value": "before 1.1.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat, Inc." "vendor_name": "Red Hat, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2018/04/23/3" "lang": "eng",
}, "value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1565992", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1565992" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4207", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4207" "lang": "eng",
}, "value": "CWE-287"
{ }
"name" : "RHSA-2018:1224", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:1224" ]
}, },
{ "references": {
"name" : "USN-3634-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3634-1/" "name": "USN-3634-1",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3634-1/"
} },
} {
"name": "DSA-4207",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
]
}
}

34
2018/1xxx/CVE-2018-1531.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1531", "ID": "CVE-2018-1531",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/1xxx/CVE-2018-1620.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1620", "ID": "CVE-2018-1620",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/5xxx/CVE-2018-5570.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5570", "ID": "CVE-2018-5570",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2018/5xxx/CVE-2018-5827.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2018-5827", "ID": "CVE-2018-5827",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
}, "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event."
{ }
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=53e6d889ac29336ba212a0d4a987455a85736fa8"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}