admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:00:05 +00:00
parent e4c037ff5b
commit 97fdd1cd50
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3696 additions and 3696 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2004/1xxx/CVE-2004-1511.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041110 Hotfoon Ver 4.0 Highv Risk",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110014517703092&w=2"
},
{
"name" : "13173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13173"
},
{
"name" : "hotfoon-url-command-execution(18038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041110 Hotfoon Ver 4.0 Highv Risk",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110014517703092&w=2"
},
{
"name": "13173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13173"
},
{
"name": "hotfoon-url-command-execution(18038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18038"
}
]
}
}

150
2008/0xxx/CVE-2008-0373.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080115 Max's File Uploader File Upload Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486335/100/0/threaded"
},
{
"name" : "27285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27285"
},
{
"name" : "3572",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3572"
},
{
"name" : "max-index-file-upload(39740)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39740"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080115 Max's File Uploader File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486335/100/0/threaded"
},
{
"name": "max-index-file-upload(39740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39740"
},
{
"name": "27285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27285"
},
{
"name": "3572",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3572"
}
]
}
}

170
2008/0xxx/CVE-2008-0585.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to \"alter the behavior of\" this client by overwriting these files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066"
},
{
"name" : "IY97257",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IY97257"
},
{
"name" : "27433",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27433"
},
{
"name" : "ADV-2008-0261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0261"
},
{
"name" : "28609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28609"
},
{
"name" : "aix-websm-insecure-permissions(39906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to \"alter the behavior of\" this client by overwriting these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28609"
},
{
"name": "27433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27433"
},
{
"name": "aix-websm-insecure-permissions(39906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39906"
},
{
"name": "ADV-2008-0261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0261"
},
{
"name": "IY97257",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IY97257"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066"
}
]
}
}

160
2008/0xxx/CVE-2008-0608.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080204 Socket termination in FTP Log Server 7.9.14.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"name" : "27612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27612"
},
{
"name" : "ADV-2008-0408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0408"
},
{
"name" : "28761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28761"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0408"
},
{
"name": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ftplogsrvz-adv.txt"
},
{
"name": "20080204 Socket termination in FTP Log Server 7.9.14.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487506/100/0/threaded"
},
{
"name": "27612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27612"
},
{
"name": "28761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28761"
}
]
}
}

150
2008/0xxx/CVE-2008-0916.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5160",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5160"
},
{
"name" : "27907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27907"
},
{
"name" : "29044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29044"
},
{
"name" : "hwdvideoshare-index-sql-injection(40711)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5160",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5160"
},
{
"name": "hwdvideoshare-index-sql-injection(40711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40711"
},
{
"name": "27907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27907"
},
{
"name": "29044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29044"
}
]
}
}

180
2008/0xxx/CVE-2008-0924.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080326 ZDI-08-013: Novell eDirectory for Linux Stack Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490117/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-013/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-013/"
},
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html"
},
{
"name" : "28434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28434"
},
{
"name" : "ADV-2008-0987",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0987/references"
},
{
"name" : "1019692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019692"
},
{
"name" : "29476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019692"
},
{
"name": "ADV-2008-0987",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0987/references"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-013/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-013/"
},
{
"name": "29476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29476"
},
{
"name": "28434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28434"
},
{
"name": "20080326 ZDI-08-013: Novell eDirectory for Linux Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490117/100/0/threaded"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html"
}
]
}
}

180
2008/0xxx/CVE-2008-0978.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488632/100/0/threaded"
},
{
"name" : "http://aluigi.org/poc/doubletakedown.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/doubletakedown.zip"
},
{
"name" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/doubletakedown-adv.txt"
},
{
"name" : "27951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27951"
},
{
"name" : "ADV-2008-0666",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0666"
},
{
"name" : "29075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29075"
},
{
"name" : "3698",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which lists Ethernet adapters; (3) 0x2726, which provides filesystem information; (4) 0x274f, which specifies the printer driver; or (5) 0x2757, which provides recent log entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0666"
},
{
"name": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/doubletakedown-adv.txt"
},
{
"name": "3698",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3698"
},
{
"name": "27951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27951"
},
{
"name": "http://aluigi.org/poc/doubletakedown.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/doubletakedown.zip"
},
{
"name": "29075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29075"
},
{
"name": "20080222 Multiple vulnerabilities in Double-Take 5.0.0.2865",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488632/100/0/threaded"
}
]
}
}

150
2008/3xxx/CVE-2008-3096.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/277883",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/277883"
},
{
"name" : "30066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30066"
},
{
"name" : "30936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30936"
},
{
"name" : "outlinedesigner-unspecified-security-bypass(43548)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "outlinedesigner-unspecified-security-bypass(43548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43548"
},
{
"name": "30066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30066"
},
{
"name": "http://drupal.org/node/277883",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/277883"
},
{
"name": "30936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30936"
}
]
}
}

170
2008/3xxx/CVE-2008-3503.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/",
"refsource" : "MISC",
"url" : "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"name" : "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released",
"refsource" : "CONFIRM",
"url" : "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name" : "29927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29927"
},
{
"name" : "ADV-2008-1932",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1932/references"
},
{
"name" : "30782",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30782"
},
{
"name" : "webgui-collaboration-info-disclosure(43344)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webgui-collaboration-info-disclosure(43344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43344"
},
{
"name": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/",
"refsource": "MISC",
"url": "http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/"
},
{
"name": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released",
"refsource": "CONFIRM",
"url": "http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released"
},
{
"name": "29927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29927"
},
{
"name": "30782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30782"
},
{
"name": "ADV-2008-1932",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1932/references"
}
]
}
}

190
2008/3xxx/CVE-2008-3615.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080915 Critical Vulnerability in Apple Quicktimeâ??s Indeo Codec",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496358/100/0/threaded"
},
{
"name" : "http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/"
},
{
"name" : "http://support.apple.com/kb/HT3027",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3027"
},
{
"name" : "APPLE-SA-2008-09-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html"
},
{
"name" : "31086",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31086"
},
{
"name" : "ADV-2008-2527",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2527"
},
{
"name" : "1020841",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020841"
},
{
"name" : "31821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31086"
},
{
"name": "ADV-2008-2527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2527"
},
{
"name": "APPLE-SA-2008-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html"
},
{
"name": "1020841",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020841"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/"
},
{
"name": "http://support.apple.com/kb/HT3027",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3027"
},
{
"name": "31821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31821"
},
{
"name": "20080915 Critical Vulnerability in Apple Quicktimeâ??s Indeo Codec",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496358/100/0/threaded"
}
]
}
}

460
2008/4xxx/CVE-2008-4069.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=449703",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=449703"
},
{
"name" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
},
{
"name" : "DSA-1669",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1669"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "DSA-1649",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1649"
},
{
"name" : "FEDORA-2008-8401",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
},
{
"name" : "FEDORA-2008-8429",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
},
{
"name" : "MDVSA-2008:205",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
},
{
"name" : "RHSA-2008:0882",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
},
{
"name" : "SSA:2008-269-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232"
},
{
"name" : "SSA:2008-269-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422"
},
{
"name" : "256408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name" : "SUSE-SA:2008:050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
},
{
"name" : "USN-645-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-645-1"
},
{
"name" : "USN-645-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-645-2"
},
{
"name" : "31346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31346"
},
{
"name" : "oval:org.mitre.oval:def:11000",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11000"
},
{
"name" : "34501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34501"
},
{
"name" : "32185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32185"
},
{
"name" : "32196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32196"
},
{
"name" : "ADV-2008-2661",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2661"
},
{
"name" : "1020923",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020923"
},
{
"name" : "32042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32042"
},
{
"name" : "32144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32144"
},
{
"name" : "32044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32044"
},
{
"name" : "32845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32845"
},
{
"name" : "31984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31984"
},
{
"name" : "31985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31985"
},
{
"name" : "32010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32010"
},
{
"name" : "32012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32012"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
},
{
"name" : "ADV-2009-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name" : "firefox-xbmdecoder-information-disclosure(45361)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2008-269-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "firefox-xbmdecoder-information-disclosure(45361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45361"
},
{
"name": "FEDORA-2008-8401",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
},
{
"name": "USN-645-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-645-1"
},
{
"name": "32144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32144"
},
{
"name": "32010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32010"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=449703",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=449703"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "USN-645-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-645-2"
},
{
"name": "31346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31346"
},
{
"name": "31985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31985"
},
{
"name": "SUSE-SA:2008:050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
},
{
"name": "31984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31984"
},
{
"name": "32185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32185"
},
{
"name": "32196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32196"
},
{
"name": "1020923",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020923"
},
{
"name": "DSA-1669",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1669"
},
{
"name": "32042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32042"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "ADV-2008-2661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2661"
},
{
"name": "SSA:2008-269-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-45.html"
},
{
"name": "MDVSA-2008:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
},
{
"name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
},
{
"name": "FEDORA-2008-8429",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
},
{
"name": "http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-usa-08/Hoffman/Hoffman-BH2008-CircumventingJavaScript.ppt"
},
{
"name": "RHSA-2008:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
},
{
"name": "32845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32845"
},
{
"name": "DSA-1649",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1649"
},
{
"name": "oval:org.mitre.oval:def:11000",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11000"
},
{
"name": "32012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32012"
},
{
"name": "32044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32044"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
}
]
}
}

34
2008/4xxx/CVE-2008-4112.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4112",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candidate is a duplicate of CVE-2008-3195. Notes: All CVE users should reference CVE-2008-3195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-4112",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candidate is a duplicate of CVE-2008-3195. Notes: All CVE users should reference CVE-2008-3195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

180
2008/4xxx/CVE-2008-4308.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501250"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
"refsource" : "MISC",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
},
{
"name" : "JVN#66905322",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN66905322/index.html"
},
{
"name" : "JVNDB-2009-000010",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
},
{
"name" : "33913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33913"
},
{
"name" : "34057",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34057"
},
{
"name" : "ADV-2009-0541",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#66905322",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN66905322/index.html"
},
{
"name": "ADV-2009-0541",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0541"
},
{
"name": "JVNDB-2009-000010",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
"refsource": "MISC",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
},
{
"name": "34057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34057"
},
{
"name": "20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501250"
},
{
"name": "33913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33913"
}
]
}
}

160
2008/4xxx/CVE-2008-4355.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6442",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6442"
},
{
"name" : "31150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31150"
},
{
"name" : "ADV-2008-2559",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2559"
},
{
"name" : "31872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31872"
},
{
"name" : "pforum-showprofil-sql-injection(45079)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6442",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6442"
},
{
"name": "31872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31872"
},
{
"name": "ADV-2008-2559",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2559"
},
{
"name": "31150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31150"
},
{
"name": "pforum-showprofil-sql-injection(45079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45079"
}
]
}
}

180
2008/7xxx/CVE-2008-7173.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080617 Hacking Coffee Makers.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493387/100/0/threaded"
},
{
"name" : "20080618 A more detailed description of the Jura F90 vulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493433/100/0/threaded"
},
{
"name" : "20080618 RE: A more detailed description of the Jura F90 vulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493440/100/0/threaded"
},
{
"name" : "http://news.cnet.com/8301-10784_3-9970757-7.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-10784_3-9970757-7.html"
},
{
"name" : "20080618 coffee maker hacks - yes or no?",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2008-June/002002.html"
},
{
"name" : "29767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29767"
},
{
"name" : "46407",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/46407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080618 RE: A more detailed description of the Jura F90 vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493440/100/0/threaded"
},
{
"name": "46407",
"refsource": "OSVDB",
"url": "http://osvdb.org/46407"
},
{
"name": "29767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29767"
},
{
"name": "20080618 A more detailed description of the Jura F90 vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493433/100/0/threaded"
},
{
"name": "http://news.cnet.com/8301-10784_3-9970757-7.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-10784_3-9970757-7.html"
},
{
"name": "20080617 Hacking Coffee Makers.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493387/100/0/threaded"
},
{
"name": "20080618 coffee maker hacks - yes or no?",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2008-June/002002.html"
}
]
}
}

120
2013/2xxx/CVE-2013-2043.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-024/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-024/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-024/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-024/"
}
]
}
}

150
2013/2xxx/CVE-2013-2143.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32515",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32515"
},
{
"name" : "http://packetstormsecurity.com/files/125866/Katello-Red-Hat-Satellite-users-update_roles-Missing-Authorization.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125866/Katello-Red-Hat-Satellite-users-update_roles-Missing-Authorization.html"
},
{
"name" : "66434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66434"
},
{
"name" : "104981",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/104981"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32515",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32515"
},
{
"name": "http://packetstormsecurity.com/files/125866/Katello-Red-Hat-Satellite-users-update_roles-Missing-Authorization.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125866/Katello-Red-Hat-Satellite-users-update_roles-Missing-Authorization.html"
},
{
"name": "66434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66434"
},
{
"name": "104981",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/104981"
}
]
}
}

250
2013/2xxx/CVE-2013-2206.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130620 Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/21/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2815633504b442ca0b0605c16bf3d88a3a0fcea"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=976562",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=976562"
},
{
"name" : "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea"
},
{
"name" : "DSA-2766",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2766"
},
{
"name" : "RHSA-2013:1166",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"name" : "RHSA-2013:1173",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
},
{
"name" : "openSUSE-SU-2013:1971",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name" : "SUSE-SU-2013:1744",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html"
},
{
"name" : "SUSE-SU-2013:1748",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html"
},
{
"name" : "SUSE-SU-2013:1749",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html"
},
{
"name" : "SUSE-SU-2013:1750",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html"
},
{
"name" : "USN-1939-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1939-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"name": "SUSE-SU-2013:1749",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea"
},
{
"name": "SUSE-SU-2013:1744",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html"
},
{
"name": "SUSE-SU-2013:1750",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html"
},
{
"name": "RHSA-2013:1173",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
},
{
"name": "DSA-2766",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2766"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "SUSE-SU-2013:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=976562",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=976562"
},
{
"name": "USN-1939-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1939-1"
},
{
"name": "[oss-security] 20130620 Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/21/1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2815633504b442ca0b0605c16bf3d88a3a0fcea",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2815633504b442ca0b0605c16bf3d88a3a0fcea"
}
]
}
}

34
2013/2xxx/CVE-2013-2257.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2257",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2257",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2013/3xxx/CVE-2013-3462.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
},
{
"name" : "1028938",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
},
{
"name": "1028938",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028938"
}
]
}
}

170
2013/3xxx/CVE-2013-3664.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"name" : "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource" : "MISC",
"url" : "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name" : "http://www.binamuse.com/advisories/BINA-20130521A.txt",
"refsource" : "MISC",
"url" : "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name" : "60248",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60248"
},
{
"name" : "53635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53635"
},
{
"name" : "sketchup-cve20133664-bo(84723)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130531 CVE-2013-3664 - Sketchup Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-06/0008.html"
},
{
"name": "http://www.binamuse.com/advisories/BINA-20130521A.txt",
"refsource": "MISC",
"url": "http://www.binamuse.com/advisories/BINA-20130521A.txt"
},
{
"name": "sketchup-cve20133664-bo(84723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84723"
},
{
"name": "60248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60248"
},
{
"name": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html",
"refsource": "MISC",
"url": "http://blog.binamuse.com/2013/05/multiple-vulnerabilities-on-sketchup.html"
},
{
"name": "53635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53635"
}
]
}
}

150
2013/3xxx/CVE-2013-3956.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "26452",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/26452"
},
{
"name" : "27191",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/27191"
},
{
"name" : "http://pastebin.com/GB4iiEwR",
"refsource" : "MISC",
"url" : "http://pastebin.com/GB4iiEwR"
},
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7012497",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7012497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pastebin.com/GB4iiEwR",
"refsource": "MISC",
"url": "http://pastebin.com/GB4iiEwR"
},
{
"name": "26452",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/26452"
},
{
"name": "27191",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/27191"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012497",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012497"
}
]
}
}

120
2013/6xxx/CVE-2013-6344.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7012027",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7012027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012027",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012027"
}
]
}
}

120
2013/6xxx/CVE-2013-6830.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131119 pineapp mailsecure no authenticated privilege escalation & remote execution code",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0139.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131119 pineapp mailsecure no authenticated privilege escalation & remote execution code",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0139.html"
}
]
}
}

140
2013/6xxx/CVE-2013-6957.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603"
},
{
"name" : "100860",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100860"
},
{
"name" : "1029491",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029491"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10603"
},
{
"name": "1029491",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029491"
},
{
"name": "100860",
"refsource": "OSVDB",
"url": "http://osvdb.org/100860"
}
]
}
}

230
2013/7xxx/CVE-2013-7456.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160526 Re: Fwd: CVE for PHP 5.5.36 issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/26/3"
},
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "http://php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=72227",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=72227"
},
{
"name" : "https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a"
},
{
"name" : "https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"name" : "DSA-3587",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3587"
},
{
"name" : "DSA-3602",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3602"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "USN-3030-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3030-1"
},
{
"name" : "90859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90859"
},
{
"name": "[oss-security] 20160526 Re: Fwd: CVE for PHP 5.5.36 issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/3"
},
{
"name": "https://bugs.php.net/bug.php?id=72227",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72227"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "DSA-3602",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3602"
},
{
"name": "https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/7a1aac3343af85b4af4df5f8844946eaa27394ab?w=1"
},
{
"name": "https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"name": "DSA-3587",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3587"
},
{
"name": "USN-3030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3030-1"
}
]
}
}

190
2017/10xxx/CVE-2017-10245.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "General Ledger",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "General Ledger",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected": "=",
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99690"
},
{
"name" : "1038926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038926"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99690"
},
{
"name": "1038926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038926"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

34
2017/10xxx/CVE-2017-10556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/10xxx/CVE-2017-10944.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-10944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "8.3.0.14878"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-10944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "8.3.0.14878"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-457",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-457"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-457",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-457"
}
]
}
}

120
2017/14xxx/CVE-2017-14197.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/"
}
]
}
}

142
2017/14xxx/CVE-2017-14593.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-01-24T00:00:00",
"ID" : "CVE-2017-14593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sourcetree for Windows",
"version" : {
"version_data" : [
{
"version_value" : "Versions starting with 0.5.1.0 before version 2.4.7.0"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-01-24T00:00:00",
"ID": "CVE-2017-14593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for Windows",
"version": {
"version_data": [
{
"version_value": "Versions starting with 0.5.1.0 before version 2.4.7.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
"refsource" : "CONFIRM",
"url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
},
{
"name" : "https://jira.atlassian.com/browse/SRCTREEWIN-8256",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/SRCTREEWIN-8256"
},
{
"name" : "102926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102926"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102926"
},
{
"name": "https://jira.atlassian.com/browse/SRCTREEWIN-8256",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREEWIN-8256"
},
{
"name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
]
}
}

130
2017/14xxx/CVE-2017-14635.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/",
"refsource" : "CONFIRM",
"url" : "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
},
{
"name" : "DSA-4021",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4021",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4021"
},
{
"name": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/"
}
]
}
}

130
2017/14xxx/CVE-2017-14929.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=102969",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"name" : "DSA-4097",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=102969",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102969"
},
{
"name": "DSA-4097",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4097"
}
]
}
}

170
2017/17xxx/CVE-2017-17784.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/12/19/5",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/12/19/5"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=790784",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=790784"
},
{
"name" : "DSA-4077",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4077"
},
{
"name" : "USN-3539-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3539-1/"
},
{
"name" : "102899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4077",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4077"
},
{
"name": "102899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102899"
},
{
"name": "USN-3539-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3539-1/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/12/19/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/12/19/5"
},
{
"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=790784",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=790784"
}
]
}
}

34
2017/9xxx/CVE-2017-9121.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9121",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9121",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/9xxx/CVE-2017-9171.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
}

120
2017/9xxx/CVE-2017-9482.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-25.atom-telnet.txt",
"refsource" : "MISC",
"url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-25.atom-telnet.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-25.atom-telnet.txt",
"refsource": "MISC",
"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-25.atom-telnet.txt"
}
]
}
}

130
2018/0xxx/CVE-2018-0524.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jubatus",
"version" : {
"version_data" : [
{
"version_value" : "1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jubatus Community"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jubatus",
"version": {
"version_data": [
{
"version_value": "1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Jubatus Community"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jubatus/jubatus/blob/master/ChangeLog.rst",
"refsource" : "MISC",
"url" : "https://github.com/jubatus/jubatus/blob/master/ChangeLog.rst"
},
{
"name" : "JVN#56132776",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN56132776/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jubatus/jubatus/blob/master/ChangeLog.rst",
"refsource": "MISC",
"url": "https://github.com/jubatus/jubatus/blob/master/ChangeLog.rst"
},
{
"name": "JVN#56132776",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN56132776/index.html"
}
]
}
}

182
2018/0xxx/CVE-2018-0707.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@qnapsecurity.com.tw",
"DATE_PUBLIC" : "2018-07-10T00:00:00",
"ID" : "CVE-2018-0707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Q'center Virtual Appliance",
"version" : {
"version_data" : [
{
"version_value" : "1.7.1063 and earlier"
}
]
}
}
]
},
"vendor_name" : "QNAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-0707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Q'center Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "1.7.1063 and earlier"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
},
{
"name" : "45015",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45015/"
},
{
"name" : "45043",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45043/"
},
{
"name" : "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/45"
},
{
"name" : "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
},
{
"name" : "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
},
{
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45015",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45015/"
},
{
"name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
},
{
"name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/45"
},
{
"name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
},
{
"name": "45043",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45043/"
},
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
},
{
"name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
}
]
}
}

142
2018/0xxx/CVE-2018-0771.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-0771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka \"Microsoft Edge Security Feature Bypass\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Moderate"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0771",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0771"
},
{
"name" : "102857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102857"
},
{
"name" : "1040372",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka \"Microsoft Edge Security Feature Bypass\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moderate"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102857"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0771",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0771"
},
{
"name": "1040372",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040372"
}
]
}
}

142
2018/0xxx/CVE-2018-0852.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-0852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0851."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Critical"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R)."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852"
},
{
"name" : "102871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102871"
},
{
"name" : "1040368",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Critical"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102871"
},
{
"name": "1040368",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040368"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852"
}
]
}
}

142
2018/0xxx/CVE-2018-0936.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ChakraCore, Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore and Microsoft Windows 10 1709."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ChakraCore, Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "ChakraCore and Microsoft Windows 10 1709."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0936",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0936"
},
{
"name" : "103270",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103270"
},
{
"name" : "1040507",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka \"Chakra Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0936",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0936"
},
{
"name": "103270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103270"
},
{
"name": "1040507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040507"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000822.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.460601",
"DATE_REQUESTED" : "2018-10-28T03:39:47",
"ID" : "CVE-2018-1000822",
"REQUESTER" : "sajeeb@0dd.zone",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "fess",
"version" : {
"version_data" : [
{
"version_value" : "before commit faa265b"
}
]
}
}
]
},
"vendor_name" : "codelibs"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.460601",
"DATE_REQUESTED": "2018-10-28T03:39:47",
"ID": "CVE-2018-1000822",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0dd.zone/2018/10/27/fess-XXE/",
"refsource" : "MISC",
"url" : "https://0dd.zone/2018/10/27/fess-XXE/"
},
{
"name" : "https://github.com/codelibs/fess/issues/1851",
"refsource" : "MISC",
"url" : "https://github.com/codelibs/fess/issues/1851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0dd.zone/2018/10/27/fess-XXE/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/10/27/fess-XXE/"
},
{
"name": "https://github.com/codelibs/fess/issues/1851",
"refsource": "MISC",
"url": "https://github.com/codelibs/fess/issues/1851"
}
]
}
}

34
2018/16xxx/CVE-2018-16102.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16102",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16102",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

120
2018/16xxx/CVE-2018-16210.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45581",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45581/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45581",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45581/"
}
]
}
}

34
2018/19xxx/CVE-2018-19308.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19308",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19308",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19642",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19668.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19668",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19668",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/19xxx/CVE-2018-19877.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45958",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45958/"
},
{
"name" : "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/",
"refsource" : "MISC",
"url" : "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/",
"refsource": "MISC",
"url": "https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/"
},
{
"name": "45958",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45958/"
}
]
}
}

132
2018/1xxx/CVE-2018-1052.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-02-08T00:00:00",
"ID" : "CVE-2018-1052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
{
"version_value" : "10.x before 10.2"
}
]
}
}
]
},
"vendor_name" : "The PostgreSQL Global Development Group"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-02-08T00:00:00",
"ID": "CVE-2018-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "10.x before 10.2"
}
]
}
}
]
},
"vendor_name": "The PostgreSQL Global Development Group"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.postgresql.org/about/news/1829/",
"refsource" : "CONFIRM",
"url" : "https://www.postgresql.org/about/news/1829/"
},
{
"name" : "102987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102987"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.postgresql.org/about/news/1829/",
"refsource": "CONFIRM",
"url": "https://www.postgresql.org/about/news/1829/"
},
{
"name": "102987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102987"
}
]
}
}

34
2018/4xxx/CVE-2018-4053.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4053",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4053",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2018/4xxx/CVE-2018-4241.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Kernel\" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44849",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44849/"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1558",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1558"
},
{
"name" : "https://support.apple.com/HT208848",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208848"
},
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
},
{
"name" : "https://support.apple.com/HT208850",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208850"
},
{
"name" : "https://support.apple.com/HT208851",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208851"
},
{
"name" : "1041027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Kernel\" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44849",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44849/"
},
{
"name": "https://support.apple.com/HT208850",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208850"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1558",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1558"
},
{
"name": "https://support.apple.com/HT208851",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208851"
},
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

34
2018/4xxx/CVE-2018-4540.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4540",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4540",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4869.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4869",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4869",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/4xxx/CVE-2018-4929.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Experience Manager AEM 6.2 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Experience Manager AEM 6.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Experience Manager AEM 6.2 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Experience Manager AEM 6.2 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html"
},
{
"name" : "103707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103707"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html"
}
]
}
}