admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:36:35 +00:00
parent e040876457
commit 907f7d98e6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3603 additions and 3534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2004/1xxx/CVE-2004-1340.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-659",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-659"
},
{
"name" : "1013030",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013030"
},
{
"name" : "14046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14046"
},
{
"name" : "libpamradiusauth-insecure-permission(19087)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013030"
},
{
"name": "libpamradiusauth-insecure-permission(19087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19087"
},
{
"name": "14046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14046"
},
{
"name": "DSA-659",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-659"
}
]
}
}

180
2004/1xxx/CVE-2004-1465.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040901 WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109416099301369&w=2"
},
{
"name" : "http://www.winzip.com/wz90sr1.htm",
"refsource" : "CONFIRM",
"url" : "http://www.winzip.com/wz90sr1.htm"
},
{
"name" : "O-211",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-211.shtml"
},
{
"name" : "11092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11092"
},
{
"name" : "1011132",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011132"
},
{
"name" : "winzip-code-execution(17192)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17192"
},
{
"name" : "winzip-command-line-bo(17197)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040901 WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109416099301369&w=2"
},
{
"name": "winzip-command-line-bo(17197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197"
},
{
"name": "11092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11092"
},
{
"name": "winzip-code-execution(17192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17192"
},
{
"name": "http://www.winzip.com/wz90sr1.htm",
"refsource": "CONFIRM",
"url": "http://www.winzip.com/wz90sr1.htm"
},
{
"name": "1011132",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011132"
},
{
"name": "O-211",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-211.shtml"
}
]
}
}

170
2004/1xxx/CVE-2004-1893.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dreamweaver MX, when \"Using Driver On Testing Server\" or \"Using DSN on Testing Server\" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nextgenss.com/advisories/dreamweaver.txt",
"refsource" : "MISC",
"url" : "http://www.nextgenss.com/advisories/dreamweaver.txt"
},
{
"name" : "20040403 [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108102481929451&w=2"
},
{
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html"
},
{
"name" : "10036",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10036"
},
{
"name" : "11284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11284"
},
{
"name" : "dreamweaver-test-script-sql-injection(15721)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dreamweaver MX, when \"Using Driver On Testing Server\" or \"Using DSN on Testing Server\" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040403 [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108102481929451&w=2"
},
{
"name": "11284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11284"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html"
},
{
"name": "10036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10036"
},
{
"name": "dreamweaver-test-script-sql-injection(15721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15721"
},
{
"name": "http://www.nextgenss.com/advisories/dreamweaver.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/dreamweaver.txt"
}
]
}
}

160
2004/1xxx/CVE-2004-1918.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040409 DoS in Rsniff 1.0",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108152508004665&w=2"
},
{
"name" : "http://aluigi.altervista.org/adv/rsniff-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/rsniff-adv.txt"
},
{
"name" : "10093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10093"
},
{
"name" : "11339",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11339"
},
{
"name" : "rsniff-connection-dos(15823)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/rsniff-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/rsniff-adv.txt"
},
{
"name": "11339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11339"
},
{
"name": "10093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10093"
},
{
"name": "20040409 DoS in Rsniff 1.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108152508004665&w=2"
},
{
"name": "rsniff-connection-dos(15823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15823"
}
]
}
}

160
2004/1xxx/CVE-2004-1964.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040423 [waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108276405108267&w=2"
},
{
"name" : "http://www.waraxe.us/index.php?modname=sa&id=24",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/index.php?modname=sa&id=24"
},
{
"name" : "10205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10205"
},
{
"name" : "11479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11479"
},
{
"name" : "nqt-nqtphp-xss(15929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/index.php?modname=sa&id=24",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa&id=24"
},
{
"name": "nqt-nqtphp-xss(15929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15929"
},
{
"name": "20040423 [waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108276405108267&w=2"
},
{
"name": "10205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10205"
},
{
"name": "11479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11479"
}
]
}
}

200
2008/0xxx/CVE-2008-0295.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/vlcxhof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/vlcxhof-adv.txt"
},
{
"name" : "DSA-1543",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1543"
},
{
"name" : "GLSA-200803-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
},
{
"name" : "27221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27221"
},
{
"name" : "oval:org.mitre.oval:def:14776",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776"
},
{
"name" : "ADV-2008-0105",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0105"
},
{
"name" : "28383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28383"
},
{
"name" : "29284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29284"
},
{
"name" : "29766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0105"
},
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "27221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27221"
},
{
"name": "28383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28383"
},
{
"name": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt"
},
{
"name": "oval:org.mitre.oval:def:14776",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}

170
2008/3xxx/CVE-2008-3448.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080731 [~] Greetz : Me93fg & Mr.SaFa7",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494971/100/0/threaded"
},
{
"name" : "20080927 csphonebook 1.02 Remote XSS Vulnerabilitiy",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496788/100/0/threaded"
},
{
"name" : "30485",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30485"
},
{
"name" : "31359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31359"
},
{
"name" : "4102",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4102"
},
{
"name" : "csphonebook-index-xss(44180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30485"
},
{
"name": "20080731 [~] Greetz : Me93fg & Mr.SaFa7",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494971/100/0/threaded"
},
{
"name": "4102",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4102"
},
{
"name": "31359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31359"
},
{
"name": "csphonebook-index-xss(44180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44180"
},
{
"name": "20080927 csphonebook 1.02 Remote XSS Vulnerabilitiy",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496788/100/0/threaded"
}
]
}
}

34
2008/3xxx/CVE-2008-3470.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3470",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-3470",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}

160
2008/3xxx/CVE-2008-3486.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6178",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6178"
},
{
"name" : "30480",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30480"
},
{
"name" : "31295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31295"
},
{
"name" : "4108",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4108"
},
{
"name" : "coppermine-lang-file-include(44133)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31295"
},
{
"name": "4108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "30480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30480"
},
{
"name": "coppermine-lang-file-include(44133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44133"
},
{
"name": "6178",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6178"
}
]
}
}

140
2008/3xxx/CVE-2008-3495.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl"
},
{
"name" : "30534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30534"
},
{
"name" : "pcsheyportal-kategori-sql-injection(44213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pcsheyportal-kategori-sql-injection(44213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44213"
},
{
"name": "30534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30534"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl"
}
]
}
}

160
2008/3xxx/CVE-2008-3781.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released",
"refsource" : "CONFIRM",
"url" : "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707"
},
{
"name" : "30812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30812"
},
{
"name" : "31596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31596"
},
{
"name" : "gbrowse-unspecified-xss(44632)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gbrowse-unspecified-xss(44632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44632"
},
{
"name": "30812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30812"
},
{
"name": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released",
"refsource": "CONFIRM",
"url": "http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=621342&group_id=27707"
},
{
"name": "31596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31596"
}
]
}
}

160
2008/4xxx/CVE-2008-4128.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain \"show privilege\" command to the /level/15/exec/- URI, and (2) a certain \"alias exec\" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6476",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6476"
},
{
"name" : "6477",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6477"
},
{
"name" : "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html",
"refsource" : "MISC",
"url" : "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html"
},
{
"name" : "31218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31218"
},
{
"name" : "cisco-router-csrf(45226)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain \"show privilege\" command to the /level/15/exec/- URI, and (2) a certain \"alias exec\" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6476",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6476"
},
{
"name": "cisco-router-csrf(45226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45226"
},
{
"name": "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html",
"refsource": "MISC",
"url": "http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html"
},
{
"name": "6477",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6477"
},
{
"name": "31218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31218"
}
]
}
}

250
2008/4xxx/CVE-2008-4579.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=240576",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=240576"
},
{
"name" : "[oss-security] 20081013 Re: CVE Request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/13/3"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=467386",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=467386"
},
{
"name" : "FEDORA-2008-9042",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html"
},
{
"name" : "RHSA-2011:0266",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0266.html"
},
{
"name" : "RHSA-2009:1341",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1341.html"
},
{
"name" : "USN-875-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-875-1"
},
{
"name" : "31904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31904"
},
{
"name" : "oval:org.mitre.oval:def:10799",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799"
},
{
"name" : "32387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32387"
},
{
"name" : "32390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32390"
},
{
"name" : "43362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43362"
},
{
"name" : "36530",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36530"
},
{
"name" : "ADV-2011-0419",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=240576",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=240576"
},
{
"name": "RHSA-2009:1341",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1341.html"
},
{
"name": "32390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32390"
},
{
"name": "32387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32387"
},
{
"name": "oval:org.mitre.oval:def:10799",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10799"
},
{
"name": "ADV-2011-0419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0419"
},
{
"name": "USN-875-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-875-1"
},
{
"name": "31904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31904"
},
{
"name": "[oss-security] 20081013 Re: CVE Request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/13/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=467386",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=467386"
},
{
"name": "36530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36530"
},
{
"name": "FEDORA-2008-9042",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00666.html"
},
{
"name": "43362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43362"
},
{
"name": "RHSA-2011:0266",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0266.html"
}
]
}
}

150
2008/4xxx/CVE-2008-4809.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to \"Active\" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014008",
"refsource" : "MISC",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"
},
{
"name" : "31989",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31989"
},
{
"name" : "32466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32466"
},
{
"name" : "lotus-connections-active-unspecified(46217)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to \"Active\" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-connections-active-unspecified(46217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46217"
},
{
"name": "32466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32466"
},
{
"name": "31989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31989"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014008"
}
]
}
}

160
2008/6xxx/CVE-2008-6243.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6903",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6903"
},
{
"name" : "49546",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49546"
},
{
"name" : "32536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32536"
},
{
"name" : "hotscriptslikesite-software-sql-injection(46277)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46277"
},
{
"name" : "hotscriptslikesite-showcategory-sql-inject(48945)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32536"
},
{
"name": "hotscriptslikesite-software-sql-injection(46277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46277"
},
{
"name": "6903",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6903"
},
{
"name": "hotscriptslikesite-showcategory-sql-inject(48945)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48945"
},
{
"name": "49546",
"refsource": "OSVDB",
"url": "http://osvdb.org/49546"
}
]
}
}

140
2008/6xxx/CVE-2008-6342.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name" : "33301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33301"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
},
{
"name": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/simplefilebrowser/1.0.3/"
}
]
}
}

140
2008/6xxx/CVE-2008-6685.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name" : "29837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29837"
},
{
"name" : "46382",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/46382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29837"
},
{
"name": "46382",
"refsource": "OSVDB",
"url": "http://osvdb.org/46382"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}

120
2013/2xxx/CVE-2013-2188.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975406",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=975406",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=975406"
}
]
}
}

120
2013/2xxx/CVE-2013-2788.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01"
}
]
}
}

34
2013/2xxx/CVE-2013-2806.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2806",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2806",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

260
2013/2xxx/CVE-2013-2889.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-input&m=137772182014614&w=1"
},
{
"name" : "[oss-security] 20130828 Linux HID security flaws",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/08/28/13"
},
{
"name" : "RHSA-2013:1645",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name" : "USN-2019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name" : "USN-2020-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2020-1"
},
{
"name" : "USN-2021-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name" : "USN-2022-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name" : "USN-2023-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2023-1"
},
{
"name" : "USN-2024-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name" : "USN-2038-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name" : "USN-2039-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name" : "USN-2050-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name" : "USN-2015-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2015-1"
},
{
"name" : "USN-2016-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2016-1"
},
{
"name" : "62042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62042"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2015-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2015-1"
},
{
"name": "USN-2024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name": "USN-2039-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name": "USN-2022-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name": "[oss-security] 20130828 Linux HID security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/08/28/13"
},
{
"name": "RHSA-2013:1645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "USN-2016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2016-1"
},
{
"name": "USN-2038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name": "USN-2020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2020-1"
},
{
"name": "USN-2021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name": "USN-2019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name": "62042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62042"
},
{
"name": "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-input&m=137772182014614&w=1"
},
{
"name": "USN-2023-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2023-1"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
}
]
}
}

34
2013/6xxx/CVE-2013-6106.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6106",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6106",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/6xxx/CVE-2013-6197.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-6197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02959",
"refsource" : "HP",
"url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name" : "SSRT101405",
"refsource" : "HP",
"url" : "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name" : "1029541",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029541"
},
{
"name" : "hp-service-manager-cve20136197-code-exec(89974)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101405",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name": "1029541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029541"
},
{
"name": "HPSBMU02959",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04052075"
},
{
"name": "hp-service-manager-cve20136197-code-exec(89974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89974"
}
]
}
}

34
2013/6xxx/CVE-2013-6263.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6263",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6263",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

200
2013/6xxx/CVE-2013-6810.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131211 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html"
},
{
"name" : "42701",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42701/"
},
{
"name" : "42702",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42702/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-283/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-283/"
},
{
"name" : "HPSBHF02953",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=138723620521347&w=2"
},
{
"name" : "20140129 CVE-2013-6810 / EMC / HP issue is actually Brocade",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2014-January/002755.html"
},
{
"name" : "1029485",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029485"
},
{
"name" : "56143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56143"
},
{
"name" : "connectrix-manager-directory-traversal(90728)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42702",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42702/"
},
{
"name": "1029485",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029485"
},
{
"name": "20140129 CVE-2013-6810 / EMC / HP issue is actually Brocade",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2014-January/002755.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-283/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-283/"
},
{
"name": "20131211 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html"
},
{
"name": "HPSBHF02953",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=138723620521347&w=2"
},
{
"name": "42701",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42701/"
},
{
"name": "connectrix-manager-directory-traversal(90728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90728"
},
{
"name": "56143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56143"
}
]
}
}

142
2017/10xxx/CVE-2017-10216.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hospitality Suite8 Property Interfaces",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.10.x"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hospitality Suite8 Property Interfaces",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.10.x"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99654"
},
{
"name" : "1038941",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038941"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality Property Interfaces. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Property Interfaces accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name": "99654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99654"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

34
2017/10xxx/CVE-2017-10564.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10564",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10564",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/14xxx/CVE-2017-14034.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ebel34/bpg-web-encoder/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/ebel34/bpg-web-encoder/issues/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ebel34/bpg-web-encoder/issues/1",
"refsource": "MISC",
"url": "https://github.com/ebel34/bpg-web-encoder/issues/1"
}
]
}
}

130
2017/14xxx/CVE-2017-14578.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578"
},
{
"name" : "http://www.irfanview.net/main_history.htm",
"refsource" : "CONFIRM",
"url" : "http://www.irfanview.net/main_history.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irfanview.net/main_history.htm",
"refsource": "CONFIRM",
"url": "http://www.irfanview.net/main_history.htm"
},
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14578"
}
]
}
}

34
2017/14xxx/CVE-2017-14697.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14697",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14697",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/14xxx/CVE-2017-14972.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20<%202.2.08%20-%20CVE-2017-14972"
}
]
}
}

34
2017/15xxx/CVE-2017-15283.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15283",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15283",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/15xxx/CVE-2017-15483.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15483",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15483",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

130
2017/15xxx/CVE-2017-15662.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43451",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43451/"
},
{
"name" : "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145764/VX-Search-Enterprise-10.1.12-Denial-Of-Service.html"
},
{
"name": "43451",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43451/"
}
]
}
}

34
2017/15xxx/CVE-2017-15690.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15690",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15690",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/15xxx/CVE-2017-15946.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vulnerability-lab.com/get_content.php?id=2061",
"refsource" : "MISC",
"url" : "https://www.vulnerability-lab.com/get_content.php?id=2061"
},
{
"name" : "101942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101942"
},
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=2061",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2061"
}
]
}
}

130
2017/15xxx/CVE-2017-15973.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43086",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43086/"
},
{
"name" : "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144443/Sokial-Social-Network-Script-1.0-SQL-Injection.html"
},
{
"name": "43086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43086/"
}
]
}
}

132
2017/9xxx/CVE-2017-9512.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2017-07-17T00:00:00",
"ID" : "CVE-2017-9512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Atlassian FishEye and Crucible",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2017-9512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian FishEye and Crucible",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CRUC-8053",
"refsource" : "MISC",
"url" : "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"name" : "https://jira.atlassian.com/browse/FE-6892",
"refsource" : "MISC",
"url" : "https://jira.atlassian.com/browse/FE-6892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8053",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8053"
},
{
"name": "https://jira.atlassian.com/browse/FE-6892",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-6892"
}
]
}
}

130
2017/9xxx/CVE-2017-9754.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21591",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21591"
},
{
"name" : "99125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21591",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21591"
},
{
"name": "99125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99125"
}
]
}
}

120
2017/9xxx/CVE-2017-9906.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
}
]
}
}

34
2018/0xxx/CVE-2018-0081.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0081",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0081",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/0xxx/CVE-2018-0352.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Wide Area Application Services unknown",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Wide Area Application Services unknown"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wide Area Application Services unknown",
"version": {
"version_data": [
{
"version_value": "Cisco Wide Area Application Services unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation"
},
{
"name" : "104464",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104464"
},
{
"name" : "1041077",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the device. The vulnerability is due to insufficient validation of script files executed in the context of the Disk Check Tool. An attacker could exploit this vulnerability by replacing one script file with a malicious script file while the affected tool is running. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco Bug IDs: CSCvi72673."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104464"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation"
},
{
"name": "1041077",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041077"
}
]
}
}

130
2018/0xxx/CVE-2018-0545.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LXR",
"version" : {
"version_data" : [
{
"version_value" : "version 1.0.0 to 2.3.0"
}
]
}
}
]
},
"vendor_name" : "LXR Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXR",
"version": {
"version_data": [
{
"version_value": "version 1.0.0 to 2.3.0"
}
]
}
}
]
},
"vendor_name": "LXR Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lxr.sourceforge.net/en/bugsandlimits.php",
"refsource" : "CONFIRM",
"url" : "http://lxr.sourceforge.net/en/bugsandlimits.php"
},
{
"name" : "JVN#72589538",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN72589538/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#72589538",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN72589538/index.html"
},
{
"name": "http://lxr.sourceforge.net/en/bugsandlimits.php",
"refsource": "CONFIRM",
"url": "http://lxr.sourceforge.net/en/bugsandlimits.php"
}
]
}
}

152
2018/0xxx/CVE-2018-0822.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-0822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NTFS",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka \"Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Important"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTFS",
"version": {
"version_data": [
{
"version_value": "Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44147",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44147/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822"
},
{
"name" : "102942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102942"
},
{
"name" : "1040378",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka \"Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102942"
},
{
"name": "44147",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44147/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822"
},
{
"name": "1040378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040378"
}
]
}
}

234
2018/1000xxx/CVE-2018-1000140.json
View File

@ -1,119 +1,119 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "3/20/2018 10:38:48",
"ID" : "CVE-2018-1000140",
"REQUESTER" : "kev@semmle.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "librelp",
"version" : {
"version_data" : [
{
"version_value" : "1.2.14 and earlier"
}
]
}
}
]
},
"vendor_name" : "rsyslog"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "3/20/2018 10:38:48",
"ID": "CVE-2018-1000140",
"REQUESTER": "kev@semmle.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205",
"refsource" : "MISC",
"url" : "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205"
},
{
"name" : "https://lgtm.com/rules/1505913226124/",
"refsource" : "MISC",
"url" : "https://lgtm.com/rules/1505913226124/"
},
{
"name" : "DSA-4151",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4151"
},
{
"name" : "GLSA-201804-21",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-21"
},
{
"name" : "RHSA-2018:1223",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1223"
},
{
"name" : "RHSA-2018:1225",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1225"
},
{
"name" : "RHSA-2018:1701",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1701"
},
{
"name" : "RHSA-2018:1702",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1702"
},
{
"name" : "RHSA-2018:1703",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1703"
},
{
"name" : "RHSA-2018:1704",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1704"
},
{
"name" : "RHSA-2018:1707",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1707"
},
{
"name" : "USN-3612-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3612-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3612-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3612-1/"
},
{
"name": "GLSA-201804-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-21"
},
{
"name": "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205",
"refsource": "MISC",
"url": "https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205"
},
{
"name": "RHSA-2018:1703",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1703"
},
{
"name": "RHSA-2018:1704",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1704"
},
{
"name": "RHSA-2018:1702",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1702"
},
{
"name": "RHSA-2018:1225",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1225"
},
{
"name": "RHSA-2018:1707",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1707"
},
{
"name": "https://lgtm.com/rules/1505913226124/",
"refsource": "MISC",
"url": "https://lgtm.com/rules/1505913226124/"
},
{
"name": "RHSA-2018:1223",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1223"
},
{
"name": "DSA-4151",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4151"
},
{
"name": "RHSA-2018:1701",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1701"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000216.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-02T16:41:53.506666",
"DATE_REQUESTED" : "2018-07-23T16:43:09",
"ID" : "CVE-2018-1000216",
"REQUESTER" : "secure@veritas.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "cJSON",
"version" : {
"version_data" : [
{
"version_value" : "1.7.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "Dave Gamble"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-415: Double Free"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-02T16:41:53.506666",
"DATE_REQUESTED": "2018-07-23T16:43:09",
"ID": "CVE-2018-1000216",
"REQUESTER": "secure@veritas.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/DaveGamble/cJSON/issues/241",
"refsource" : "CONFIRM",
"url" : "https://github.com/DaveGamble/cJSON/issues/241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DaveGamble/cJSON/issues/241",
"refsource": "CONFIRM",
"url": "https://github.com/DaveGamble/cJSON/issues/241"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000633.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-19T17:09:33.116818",
"DATE_REQUESTED" : "2018-07-31T15:32:58",
"ID" : "CVE-2018-1000633",
"REQUESTER" : "m.t.b.carroll@dundee.ac.uk",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OMERO.web",
"version" : {
"version_data" : [
{
"version_value" : "prior to 5.4.7"
}
]
}
}
]
},
"vendor_name" : "The Open Microscopy Environment"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Log Files"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.116818",
"DATE_REQUESTED": "2018-07-31T15:32:58",
"ID": "CVE-2018-1000633",
"REQUESTER": "m.t.b.carroll@dundee.ac.uk",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html",
"refsource" : "CONFIRM",
"url" : "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html"
},
{
"name" : "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/",
"refsource" : "CONFIRM",
"url" : "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html",
"refsource": "CONFIRM",
"url": "http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html"
},
{
"name": "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/",
"refsource": "CONFIRM",
"url": "http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000800.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-09-03T16:07:16.971905",
"DATE_REQUESTED" : "2018-08-20T17:57:40",
"ID" : "CVE-2018-1000800",
"REQUESTER" : "situlingyun@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "zephyr-rtos",
"version" : {
"version_data" : [
{
"version_value" : "1.12.0"
}
]
}
}
]
},
"vendor_name" : "zephyr-rtos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "NULL base pointer reference"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.971905",
"DATE_REQUESTED": "2018-08-20T17:57:40",
"ID": "CVE-2018-1000800",
"REQUESTER": "situlingyun@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/zephyrproject-rtos/zephyr/issues/7638",
"refsource" : "CONFIRM",
"url" : "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zephyrproject-rtos/zephyr/issues/7638",
"refsource": "CONFIRM",
"url": "https://github.com/zephyrproject-rtos/zephyr/issues/7638"
}
]
}
}

73
2018/12xxx/CVE-2018-12022.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12022",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/"
},
{
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf",
"refsource": "MISC",
"name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FasterXML/jackson-databind/issues/2052",
"url": "https://github.com/FasterXML/jackson-databind/issues/2052"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a",
"url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a"
},
{
"refsource": "MISC",
"name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
}
]
}

120
2018/12xxx/CVE-2018-12984.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hycus CMS 1.0.4 allows Authentication Bypass via \"'=' 'OR'\" credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44954",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44954/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hycus CMS 1.0.4 allows Authentication Bypass via \"'=' 'OR'\" credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44954",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44954/"
}
]
}
}

130
2018/16xxx/CVE-2018-16039.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-16039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-16039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106164"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

120
2018/16xxx/CVE-2018-16277.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Image Import function in XWiki through 10.7 has XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/",
"refsource" : "MISC",
"url" : "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Image Import function in XWiki through 10.7 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/",
"refsource": "MISC",
"url": "https://mksec.tk/index.php/2018/09/27/cve-2018-16277-xss-in-xwiki/"
}
]
}
}

34
2018/16xxx/CVE-2018-16573.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16573",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16573",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16649.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16649",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16649",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2018/4xxx/CVE-2018-4113.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208693",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208693"
},
{
"name" : "https://support.apple.com/HT208694",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208694"
},
{
"name" : "https://support.apple.com/HT208695",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208695"
},
{
"name" : "https://support.apple.com/HT208696",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208696"
},
{
"name" : "https://support.apple.com/HT208697",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208697"
},
{
"name" : "https://support.apple.com/HT208698",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208698"
},
{
"name" : "GLSA-201808-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201808-04"
},
{
"name" : "USN-3635-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3635-1/"
},
{
"name" : "1040604",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040604"
},
{
"name": "https://support.apple.com/HT208698",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208698"
},
{
"name": "GLSA-201808-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name": "https://support.apple.com/HT208696",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208696"
},
{
"name": "https://support.apple.com/HT208693",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208693"
},
{
"name": "https://support.apple.com/HT208694",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208694"
},
{
"name": "https://support.apple.com/HT208697",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208697"
},
{
"name": "USN-3635-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3635-1/"
},
{
"name": "https://support.apple.com/HT208695",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208695"
}
]
}
}

34
2018/4xxx/CVE-2018-4400.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4400",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4400",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4581.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4581",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4581",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4665.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4665",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4665",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/4xxx/CVE-2018-4838.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-03-08T00:00:00",
"ID" : "CVE-2018-4838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant=",
"version" : {
"version_data" : [
{
"version_value" : "EN100 Ethernet module IEC 61850 variant : All versions < V4.30"
},
{
"version_value" : "EN100 Ethernet module PROFINET IO variant : All versions"
},
{
"version_value" : "EN100 Ethernet module Modbus TCP variant : All versions"
},
{
"version_value" : "EN100 Ethernet module DNP3 variant : All versions"
},
{
"version_value" : "EN100 Ethernet module IEC 104 variant : All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Siemens EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2018-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant=",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module IEC 61850 variant : All versions < V4.30"
},
{
"version_value": "EN100 Ethernet module PROFINET IO variant : All versions"
},
{
"version_value": "EN100 Ethernet module Modbus TCP variant : All versions"
},
{
"version_value": "EN100 Ethernet module DNP3 variant : All versions"
},
{
"version_value": "EN100 Ethernet module IEC 104 variant : All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
},
{
"name" : "103379",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103379"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Siemens EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
},
{
"name": "103379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103379"
}
]
}
}