admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:57:43 +00:00
parent 19bd204db2
commit 8d6d05026e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3742 additions and 3796 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2008/0xxx/CVE-2008-0789.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0789",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080212 LI-countdown SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488017/100/0/threaded"
},
{
"name" : "27753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27753"
},
{
"name" : "3655",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080212 LI-countdown SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488017/100/0/threaded"
},
{
"name": "27753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27753"
},
{
"name": "3655",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3655"
}
]
}
}

170
2008/1xxx/CVE-2008-1298.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080308 PHP-Nuke SQL injection Module \"Hadith\" [cat]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489323/100/0/threaded"
},
{
"name" : "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078",
"refsource" : "MISC",
"url" : "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078"
},
{
"name" : "28171",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28171"
},
{
"name" : "29322",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29322"
},
{
"name" : "3730",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3730"
},
{
"name" : "hadith-cat-sql-injection(41092)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080308 PHP-Nuke SQL injection Module \"Hadith\" [cat]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489323/100/0/threaded"
},
{
"name": "hadith-cat-sql-injection(41092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41092"
},
{
"name": "28171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28171"
},
{
"name": "3730",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3730"
},
{
"name": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078",
"refsource": "MISC",
"url": "http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3078"
},
{
"name": "29322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29322"
}
]
}
}

150
2008/1xxx/CVE-2008-1533.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/4560/1/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/4560/1/"
},
{
"name" : "27719",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27719"
},
{
"name" : "28861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28861"
},
{
"name" : "joomla-xmlrpc-data-manipulation(41563)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-xmlrpc-data-manipulation(41563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41563"
},
{
"name": "28861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28861"
},
{
"name": "27719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27719"
},
{
"name": "http://www.joomla.org/content/view/4560/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/4560/1/"
}
]
}
}

170
2008/1xxx/CVE-2008-1651.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490338/100/0/threaded"
},
{
"name" : "5333",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5333"
},
{
"name" : "28542",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28542"
},
{
"name" : "29624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29624"
},
{
"name" : "3793",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3793"
},
{
"name" : "easynews-login-file-include(41589)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41589"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5333",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5333"
},
{
"name": "28542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28542"
},
{
"name": "29624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29624"
},
{
"name": "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490338/100/0/threaded"
},
{
"name": "easynews-login-file-include(41589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41589"
},
{
"name": "3793",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3793"
}
]
}
}

200
2008/1xxx/CVE-2008-1768.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.videolan.org/developers/vlc/NEWS",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name" : "http://www.videolan.org/security/sa0803.php",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/security/sa0803.php"
},
{
"name" : "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource" : "CONFIRM",
"url" : "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name" : "GLSA-200804-25",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name" : "28903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28903"
},
{
"name" : "oval:org.mitre.oval:def:14412",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name" : "29800",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29800"
},
{
"name" : "29503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29503"
},
{
"name" : "ADV-2008-0985",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28903"
},
{
"name": "http://www.videolan.org/developers/vlc/NEWS",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
]
}
}

180
2008/3xxx/CVE-2008-3458.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811",
"refsource" : "MISC",
"url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=567189",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=567189"
},
{
"name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107",
"refsource" : "CONFIRM",
"url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
},
{
"name" : "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes",
"refsource" : "CONFIRM",
"url" : "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
},
{
"name" : "27228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27228"
},
{
"name" : "40218",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/40218"
},
{
"name" : "28370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27228"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=567189",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
},
{
"name": "40218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/40218"
},
{
"name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107",
"refsource": "CONFIRM",
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
},
{
"name": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes",
"refsource": "CONFIRM",
"url": "http://wiki.vtiger.com/index.php/Vtiger_CRM_5.0.4_-_Release_Notes"
},
{
"name": "28370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28370"
},
{
"name": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811",
"refsource": "MISC",
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
}
]
}
}

210
2008/3xxx/CVE-2008-3830.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000",
"refsource" : "CONFIRM",
"url" : "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name" : "FEDORA-2008-8733",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name" : "RHSA-2008:0911",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name" : "RHSA-2008:0924",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name" : "31621",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31621"
},
{
"name" : "ADV-2008-2760",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2760"
},
{
"name" : "1021002",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021002"
},
{
"name" : "32189",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32189"
},
{
"name" : "32193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32193"
},
{
"name" : "32232",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Condor before 7.0.5 does not properly handle when the configuration specifies overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000",
"refsource": "CONFIRM",
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"name": "1021002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021002"
},
{
"name": "RHSA-2008:0924",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0924.html"
},
{
"name": "32232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32232"
},
{
"name": "32189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32189"
},
{
"name": "31621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31621"
},
{
"name": "FEDORA-2008-8733",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00264.html"
},
{
"name": "32193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32193"
},
{
"name": "RHSA-2008:0911",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0911.html"
},
{
"name": "ADV-2008-2760",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2760"
}
]
}
}

220
2008/3xxx/CVE-2008-3865.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2008-42/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2008-42/"
},
{
"name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name" : "33358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33358"
},
{
"name" : "ADV-2009-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name" : "1021614",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021614"
},
{
"name" : "1021615",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021615"
},
{
"name" : "31160",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31160"
},
{
"name" : "33609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33609"
},
{
"name" : "4937",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4937"
},
{
"name" : "tmpfw-apithread-bo(48107)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021615"
},
{
"name": "http://secunia.com/secunia_research/2008-42/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-42/"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt"
},
{
"name": "tmpfw-apithread-bo(48107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48107"
},
{
"name": "20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500195/100/0/threaded"
},
{
"name": "33358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33358"
},
{
"name": "ADV-2009-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0191"
},
{
"name": "33609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33609"
},
{
"name": "4937",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4937"
},
{
"name": "31160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31160"
},
{
"name": "1021614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021614"
}
]
}
}

170
2008/4xxx/CVE-2008-4175.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6466",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6466"
},
{
"name" : "31191",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31191"
},
{
"name" : "31853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31853"
},
{
"name" : "4299",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4299"
},
{
"name" : "linkbidscript-upgrade-sql-injection(45153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45153"
},
{
"name" : "linkbidscript-edit-sql-injection(45155)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linkbidscript-upgrade-sql-injection(45153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45153"
},
{
"name": "linkbidscript-edit-sql-injection(45155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45155"
},
{
"name": "6466",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6466"
},
{
"name": "31853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31853"
},
{
"name": "31191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31191"
},
{
"name": "4299",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4299"
}
]
}
}

140
2008/4xxx/CVE-2008-4300.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080924 Internet Information Service (adsiis.dll) activex remote DOS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496696/100/0/threaded"
},
{
"name" : "4325",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4325"
},
{
"name" : "iis-adsiis-activex-dos(45584)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080924 Internet Information Service (adsiis.dll) activex remote DOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496696/100/0/threaded"
},
{
"name": "iis-adsiis-activex-dos(45584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45584"
},
{
"name": "4325",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4325"
}
]
}
}

160
2008/4xxx/CVE-2008-4557.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4851",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4851"
},
{
"name" : "40236",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/40236"
},
{
"name" : "28330",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28330"
},
{
"name" : "4403",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4403"
},
{
"name" : "cutenews-html-code-execution(39450)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39450"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/40236"
},
{
"name": "4851",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4851"
},
{
"name": "cutenews-html-code-execution(39450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39450"
},
{
"name": "4403",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4403"
},
{
"name": "28330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28330"
}
]
}
}

180
2008/4xxx/CVE-2008-4825.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-4825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2008-49/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2008-49/"
},
{
"name" : "http://www.ezbsystems.com/ultraiso/history.htm",
"refsource" : "MISC",
"url" : "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name" : "34325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34325"
},
{
"name" : "1021964",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021964"
},
{
"name" : "32415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32415"
},
{
"name" : "ADV-2009-0903",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0903"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32415"
},
{
"name": "http://www.ezbsystems.com/ultraiso/history.htm",
"refsource": "MISC",
"url": "http://www.ezbsystems.com/ultraiso/history.htm"
},
{
"name": "1021964",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021964"
},
{
"name": "http://secunia.com/secunia_research/2008-49/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-49/"
},
{
"name": "34325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34325"
},
{
"name": "ADV-2009-0903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0903"
},
{
"name": "20090401 Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502323/100/0/threaded"
}
]
}
}

180
2013/2xxx/CVE-2013-2209.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"name" : "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource" : "MISC",
"url" : "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
"refsource" : "CONFIRM",
"url" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"name" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
"refsource" : "CONFIRM",
"url" : "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
},
{
"name" : "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
"refsource" : "CONFIRM",
"url" : "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"name" : "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
"refsource" : "CONFIRM",
"url" : "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
"refsource": "CONFIRM",
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
]
}
}

130
2013/2xxx/CVE-2013-2357.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02900",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SSRT100907",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100907",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
}
]
}
}

34
2013/2xxx/CVE-2013-2607.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2607",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2607",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/2xxx/CVE-2013-2986.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2986",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-2986",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none."
}
]
}
}

34
2013/3xxx/CVE-2013-3312.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3312",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3312",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2013/3xxx/CVE-2013-3709.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=851116",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=851116"
},
{
"name" : "SUSE-SU-2013:1894",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
},
{
"name" : "openSUSE-SU-2013:1952",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
},
{
"name" : "openSUSE-SU-2013:1954",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
},
{
"name" : "openSUSE-SU-2013:1961",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
},
{
"name" : "SUSE-SU-2014:0022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00014.html"
},
{
"name": "SUSE-SU-2014:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00001.html"
},
{
"name": "openSUSE-SU-2013:1952",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00012.html"
},
{
"name": "openSUSE-SU-2013:1954",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00013.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_secret_deserialization.rb"
},
{
"name": "SUSE-SU-2013:1894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=851116",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=851116"
}
]
}
}

130
2013/3xxx/CVE-2013-3712.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses \"static\" secret tokens, which has unspecified impact and vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SU-2014:0254",
"refsource" : "SUSE",
"url" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html"
},
{
"name" : "57050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses \"static\" secret tokens, which has unspecified impact and vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2014:0254",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140254-1.html"
},
{
"name": "57050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57050"
}
]
}
}

150
2013/6xxx/CVE-2013-6198.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-6198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02959",
"refsource" : "HP",
"url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name" : "SSRT101405",
"refsource" : "HP",
"url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name" : "1029541",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029541"
},
{
"name" : "hp-service-cve20136198-xss(89975)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101405",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name": "hp-service-cve20136198-xss(89975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89975"
},
{
"name": "1029541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029541"
},
{
"name": "HPSBMU02959",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
}
]
}
}

310
2013/6xxx/CVE-2013-6420.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6420",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html",
"refsource" : "MISC",
"url" : "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1036830",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1036830"
},
{
"name" : "http://support.apple.com/kb/HT6150",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6150"
},
{
"name" : "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!",
"refsource" : "CONFIRM",
"url" : "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!"
},
{
"name" : "DSA-2816",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2816"
},
{
"name" : "HPSBMU03112",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322"
},
{
"name" : "SSRT101447",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322"
},
{
"name" : "RHSA-2013:1813",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1813.html"
},
{
"name" : "RHSA-2013:1815",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1815.html"
},
{
"name" : "RHSA-2013:1824",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1824.html"
},
{
"name" : "RHSA-2013:1825",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1825.html"
},
{
"name" : "RHSA-2013:1826",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1826.html"
},
{
"name" : "openSUSE-SU-2013:1963",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html"
},
{
"name" : "openSUSE-SU-2013:1964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html"
},
{
"name" : "USN-2055-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2055-1"
},
{
"name" : "64225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64225"
},
{
"name" : "1029472",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029472"
},
{
"name" : "59652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2816",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2816"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415"
},
{
"name": "RHSA-2013:1824",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1824.html"
},
{
"name": "HPSBMU03112",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322"
},
{
"name": "openSUSE-SU-2013:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html"
},
{
"name": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!",
"refsource": "CONFIRM",
"url": "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!"
},
{
"name": "59652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59652"
},
{
"name": "64225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64225"
},
{
"name": "RHSA-2013:1826",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1826.html"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "RHSA-2013:1815",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1815.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036830"
},
{
"name": "openSUSE-SU-2013:1963",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html"
},
{
"name": "RHSA-2013:1813",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1813.html"
},
{
"name": "1029472",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029472"
},
{
"name": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html",
"refsource": "MISC",
"url": "https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html"
},
{
"name": "SSRT101447",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322"
},
{
"name": "RHSA-2013:1825",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1825.html"
},
{
"name": "USN-2055-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2055-1"
}
]
}
}

130
2013/6xxx/CVE-2013-6704.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131203 Cisco IOS XE Software TFTP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6704"
},
{
"name" : "1029424",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029424"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029424",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029424"
},
{
"name": "20131203 Cisco IOS XE Software TFTP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6704"
}
]
}
}

34
2013/6xxx/CVE-2013-6758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6758",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6758",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

170
2013/6xxx/CVE-2013-6825.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140602 CVE-2013-6825 DCMTK Root Privilege escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532261/100/0/threaded"
},
{
"name" : "20140604 CVE-2013-6825 DCMTK Root Privilege escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/11"
},
{
"name" : "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html"
},
{
"name" : "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361",
"refsource" : "CONFIRM",
"url" : "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361"
},
{
"name" : "67784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67784"
},
{
"name" : "58916",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58916"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140602 CVE-2013-6825 DCMTK Root Privilege escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532261/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html"
},
{
"name": "58916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58916"
},
{
"name": "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361",
"refsource": "CONFIRM",
"url": "http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361"
},
{
"name": "67784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67784"
},
{
"name": "20140604 CVE-2013-6825 DCMTK Root Privilege escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/11"
}
]
}
}

34
2013/7xxx/CVE-2013-7006.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7006",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7006",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/7xxx/CVE-2013-7177.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-7177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087",
"refsource" : "CONFIRM",
"url" : "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087"
},
{
"name" : "DSA-2979",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2979"
},
{
"name" : "openSUSE-SU-2014:0348",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name" : "VU#686662",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/686662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#686662",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/686662"
},
{
"name": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087",
"refsource": "CONFIRM",
"url": "https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087"
},
{
"name": "openSUSE-SU-2014:0348",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name": "DSA-2979",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2979"
}
]
}
}

150
2013/7xxx/CVE-2013-7404.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"url" : "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?REQ=RAA&DIRECTION=5411136-1EN&FILENAME=5411136-1EN_r3.pdf&FILEREV=3&DOCREV_ORG=3"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}

140
2017/10xxx/CVE-2017-10317.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hospitality Suite8",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.10.1"
},
{
"version_affected" : "=",
"version_value" : "8.10.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hospitality Suite8",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.10.1"
},
{
"version_affected": "=",
"version_value": "8.10.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "101454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Suite8 executes to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101454"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
}
]
}
}

220
2017/10xxx/CVE-2017-10379.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"name" : "DSA-4002",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-4002"
},
{
"name" : "RHSA-2017:3265",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3265"
},
{
"name" : "RHSA-2017:3442",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3442"
},
{
"name" : "RHSA-2018:0279",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name" : "RHSA-2018:0574",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name" : "RHSA-2018:2439",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2439"
},
{
"name" : "RHSA-2018:2729",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2729"
},
{
"name" : "101415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101415"
},
{
"name" : "1039597",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039597"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4002",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4002"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
},
{
"name": "RHSA-2017:3265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3265"
},
{
"name": "RHSA-2018:2729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2729"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "1039597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039597"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "RHSA-2018:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2439"
},
{
"name": "RHSA-2017:3442",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3442"
},
{
"name": "101415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101415"
}
]
}
}

120
2017/10xxx/CVE-2017-10760.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
}
]
}
}

160
2017/10xxx/CVE-2017-10810.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"
},
{
"name" : "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"
},
{
"name" : "https://lkml.org/lkml/2017/4/6/668",
"refsource" : "CONFIRM",
"url" : "https://lkml.org/lkml/2017/4/6/668"
},
{
"name" : "DSA-3927",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3927"
},
{
"name" : "99433",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99433"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3927",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3927"
},
{
"name": "99433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99433"
},
{
"name": "https://lkml.org/lkml/2017/4/6/668",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2017/4/6/668"
},
{
"name": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"
}
]
}
}

34
2017/13xxx/CVE-2017-13579.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13579",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13579",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/13xxx/CVE-2017-13738.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484297",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484297"
},
{
"name" : "RHSA-2017:3111",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3111"
},
{
"name" : "100607",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100607"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100607"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484297",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484297"
},
{
"name": "RHSA-2017:3111",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3111"
}
]
}
}

160
2017/14xxx/CVE-2017-14164.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/"
},
{
"name" : "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a"
},
{
"name" : "https://github.com/uclouvain/openjpeg/issues/991",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/issues/991"
},
{
"name" : "GLSA-201710-26",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-26"
},
{
"name" : "100677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/09/06/heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c-incomplete-fix-for-cve-2017-14152/"
},
{
"name": "100677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100677"
},
{
"name": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/991",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/991"
}
]
}
}

160
2017/14xxx/CVE-2017-14954.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9"
},
{
"name" : "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9"
},
{
"name" : "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c",
"refsource" : "MISC",
"url" : "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c"
},
{
"name" : "https://twitter.com/_argp/status/914021130712870912",
"refsource" : "MISC",
"url" : "https://twitter.com/_argp/status/914021130712870912"
},
{
"name" : "https://twitter.com/grsecurity/status/914079864478666753",
"refsource" : "MISC",
"url" : "https://twitter.com/grsecurity/status/914079864478666753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9"
},
{
"name": "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c",
"refsource": "MISC",
"url": "https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c"
},
{
"name": "https://twitter.com/grsecurity/status/914079864478666753",
"refsource": "MISC",
"url": "https://twitter.com/grsecurity/status/914079864478666753"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9"
},
{
"name": "https://twitter.com/_argp/status/914021130712870912",
"refsource": "MISC",
"url": "https://twitter.com/_argp/status/914021130712870912"
}
]
}
}

34
2017/17xxx/CVE-2017-17021.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17021",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17021",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/17xxx/CVE-2017-17222.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eSpace 7950; eSpace 8950",
"version" : {
"version_data" : [
{
"version_value" : "eSpace 7950 V200R003C30"
},
{
"version_value" : "eSpace 8950 V200R003C00"
},
{
"version_value" : "V200R003C30"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eSpace 7950; eSpace 8950",
"version": {
"version_data": [
{
"version_value": "eSpace 7950 V200R003C30"
},
{
"version_value": "eSpace 8950 V200R003C00"
},
{
"version_value": "V200R003C30"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
}
]
}
}

120
2017/17xxx/CVE-2017-17284.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300,RP200,TE30,TE40,TE50,TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "resource management error"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300,RP200,TE30,TE40,TE50,TE60",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "resource management error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-en"
}
]
}
}

120
2017/17xxx/CVE-2017-17475.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82736068."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068",
"refsource" : "MISC",
"url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82736068."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068",
"refsource": "MISC",
"url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82736068"
}
]
}
}

120
2017/9xxx/CVE-2017-9185.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-bmp.c:319:7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-bmp.c:319:7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
}

132
2017/9xxx/CVE-2017-9511.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2017-07-17T00:00:00",
"ID" : "CVE-2017-9511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Atlassian FishEye and Crucible",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian FishEye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CRUC-8049",
"refsource" : "MISC",
"url" : "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"name" : "https://jira.atlassian.com/browse/FE-6891",
"refsource" : "MISC",
"url" : "https://jira.atlassian.com/browse/FE-6891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8049",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8049"
},
{
"name": "https://jira.atlassian.com/browse/FE-6891",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6891"
}
]
}
}

150
2017/9xxx/CVE-2017-9631.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-9631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Schneider Electric Wonderware ArchestrA Logger",
"version" : {
"version_data" : [
{
"version_value" : "Schneider Electric Wonderware ArchestrA Logger"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-476"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware ArchestrA Logger",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware ArchestrA Logger"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/",
"refsource" : "MISC",
"url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04"
},
{
"name" : "99488",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99488"
},
{
"name" : "1038836",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99488"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04"
},
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/"
},
{
"name": "1038836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038836"
}
]
}
}

130
2017/9xxx/CVE-2017-9846.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.magicwinmail.com/changelog.php",
"refsource" : "MISC",
"url" : "http://www.magicwinmail.com/changelog.php"
},
{
"name" : "https://github.com/zhonghaozhao/winmail/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/zhonghaozhao/winmail/issues/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zhonghaozhao/winmail/issues/1",
"refsource": "MISC",
"url": "https://github.com/zhonghaozhao/winmail/issues/1"
},
{
"name": "http://www.magicwinmail.com/changelog.php",
"refsource": "MISC",
"url": "http://www.magicwinmail.com/changelog.php"
}
]
}
}

140
2018/0xxx/CVE-2018-0102.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco NX-OS",
"version" : {
"version_data" : [
{
"version_value" : "Cisco NX-OS"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco NX-OS",
"version": {
"version_data": [
{
"version_value": "Cisco NX-OS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os"
},
{
"name" : "102728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102728"
},
{
"name" : "1040219",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040219",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040219"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os"
},
{
"name": "102728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102728"
}
]
}
}

142
2018/0xxx/CVE-2018-0919.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919"
},
{
"name" : "103311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103311"
},
{
"name" : "1040526",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka \"Microsoft Office Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040526"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0919"
},
{
"name": "103311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103311"
}
]
}
}

134
2018/1000xxx/CVE-2018-1000118.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2/23/2018 10:04:49",
"ID" : "CVE-2018-1000118",
"REQUESTER" : "xiao.gong@chaitin.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Electron",
"version" : {
"version_data" : [
{
"version_value" : "Electron 1.8.2-beta.4 and earlier"
}
]
}
}
]
},
"vendor_name" : "Github"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/23/2018 10:04:49",
"ID": "CVE-2018-1000118",
"REQUESTER": "xiao.gong@chaitin.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://electronjs.org/releases#1.8.2-beta.5",
"refsource" : "CONFIRM",
"url" : "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"name" : "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7",
"refsource" : "CONFIRM",
"url" : "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://electronjs.org/releases#1.8.2-beta.5",
"refsource": "CONFIRM",
"url": "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"name": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000606.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-25T11:12:00.705415",
"DATE_REQUESTED" : "2018-06-25T00:00:00",
"ID" : "CVE-2018-1000606",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins URLTrigger Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.41 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-25T11:12:00.705415",
"DATE_REQUESTED": "2018-06-25T00:00:00",
"ID": "CVE-2018-1000606",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-819"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000804.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-10-05T22:22:07.609207",
"DATE_REQUESTED" : "2018-09-07T13:28:01",
"ID" : "CVE-2018-1000804",
"REQUESTER" : "cve.reporting@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "contiki-ng",
"version" : {
"version_data" : [
{
"version_value" : "4"
}
]
}
}
]
},
"vendor_name" : "contiki-ng"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-10-05T22:22:07.609207",
"DATE_REQUESTED": "2018-09-07T13:28:01",
"ID": "CVE-2018-1000804",
"REQUESTER": "cve.reporting@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/contiki-ng/contiki-ng/issues/594",
"refsource" : "CONFIRM",
"url" : "https://github.com/contiki-ng/contiki-ng/issues/594"
},
{
"name" : "https://github.com/contiki-ng/contiki-ng/pull/624",
"refsource" : "CONFIRM",
"url" : "https://github.com/contiki-ng/contiki-ng/pull/624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/contiki-ng/contiki-ng/issues/594",
"refsource": "CONFIRM",
"url": "https://github.com/contiki-ng/contiki-ng/issues/594"
},
{
"name": "https://github.com/contiki-ng/contiki-ng/pull/624",
"refsource": "CONFIRM",
"url": "https://github.com/contiki-ng/contiki-ng/pull/624"
}
]
}
}

130
2018/19xxx/CVE-2018-19061.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DedeCMS 5.7 SP2 has SQL Injection via the dede\\co_do.php ids parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html",
"refsource" : "MISC",
"url" : "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html"
},
{
"name" : "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/",
"refsource" : "MISC",
"url" : "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DedeCMS 5.7 SP2 has SQL Injection via the dede\\co_do.php ids parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html",
"refsource": "MISC",
"url": "https://github.com/moonf1sh/moonf1sh.github.io/blob/master/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/index.html"
},
{
"name": "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/",
"refsource": "MISC",
"url": "https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/"
}
]
}
}

68
2018/19xxx/CVE-2018-19524.json
View File

@ -2,30 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -34,48 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/30",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/30"
},
{
"url": "https://seclists.org/bugtraq/2019/Feb/21",
"refsource": "MISC",
"name": "https://seclists.org/bugtraq/2019/Feb/21"
},
{
"url": "https://www.exploit-db.com/exploits/46358/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46358/"
},
{
"url": "http://breakthesec.com",
"refsource": "MISC",
"name": "http://breakthesec.com"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

130
2018/19xxx/CVE-2018-19784.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Athlon1600/php-proxy-app/issues/139",
"refsource" : "MISC",
"url" : "https://github.com/Athlon1600/php-proxy-app/issues/139"
},
{
"name" : "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md",
"refsource" : "MISC",
"url" : "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md",
"refsource": "MISC",
"url": "https://github.com/eddietcc/CVE-Bins/blob/master/PHP-Proxy/readme.md"
},
{
"name": "https://github.com/Athlon1600/php-proxy-app/issues/139",
"refsource": "MISC",
"url": "https://github.com/Athlon1600/php-proxy-app/issues/139"
}
]
}
}

270
2018/1xxx/CVE-2018-1120.json
View File

@ -1,132 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-1120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel",
"version" : {
"version_data" : [
{
"version_value" : "kernel 4.17"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks)."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "2.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 4.17"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44806",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44806/"
},
{
"name" : "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830"
},
{
"name" : "GLSA-201805-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-14"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "USN-3752-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-1/"
},
{
"name" : "USN-3752-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-2/"
},
{
"name" : "USN-3752-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-3/"
},
{
"name" : "104229",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104229"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks)."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "2.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "104229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104229"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "GLSA-201805-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"refsource": "UBUNTU",
"name": "USN-3910-1",
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120"
},
{
"refsource": "UBUNTU",
"name": "USN-3910-2",
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
}
]
}
}

182
2018/1xxx/CVE-2018-1453.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-06-06T00:00:00",
"ID" : "CVE-2018-1453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "H",
"PR" : "L",
"S" : "U",
"SCORE" : "8.800",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-06-06T00:00:00",
"ID": "CVE-2018-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22013617",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name" : "1041383",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041383"
},
{
"name" : "ibm-sim-cve20181453-file-upload(140055)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"SCORE": "8.800",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013617",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013617"
},
{
"name": "1041383",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041383"
},
{
"name": "ibm-sim-cve20181453-file-upload(140055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140055"
}
]
}
}

34
2018/1xxx/CVE-2018-1739.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1739",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1739",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4680.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4680",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4680",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}