admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:38:09 +00:00
parent a35b7b086c
commit a26b63dc12
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3675 additions and 3675 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2008/0xxx/CVE-2008-0149.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0149", "ID": "CVE-2008-0149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4861", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4861" "lang": "eng",
}, "value": "TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function."
{ }
"name" : "28291", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/28291" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28291"
},
{
"name": "4861",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4861"
}
]
}
}

180
2008/0xxx/CVE-2008-0174.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2008-0174", "ID": "CVE-2008-0174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487075/100/0/threaded" "lang": "eng",
}, "value": "GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges."
{ }
"name" : "20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/487244/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#180876", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/180876" ]
}, },
{ "references": {
"name" : "30754", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30754" "name": "20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/487244/100/0/threaded"
"name" : "1019273", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019273" "name": "VU#180876",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/180876"
"name" : "3590", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3590" "name": "3590",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3590"
} },
} {
"name": "1019273",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019273"
},
{
"name": "http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459",
"refsource": "CONFIRM",
"url": "http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459"
},
{
"name": "20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487075/100/0/threaded"
},
{
"name": "30754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30754"
}
]
}
}

230
2008/0xxx/CVE-2008-0347.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0347", "ID": "CVE-2008-0347",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080130 PeteFinnigan.com Limited advisory for Oracle January 2008 CPU", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487322/100/100/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges."
{ }
"name" : "http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm", ]
"refsource" : "MISC", },
"url" : "http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" ]
}, },
{ "references": {
"name" : "SSRT061201", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" "name": "1019218",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019218"
"name" : "TA08-017A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" "name": "27229",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27229"
"name" : "27229", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27229" "name": "TA08-017A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
"name" : "ADV-2008-0150", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0150" "name": "ADV-2008-0150",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0150"
"name" : "ADV-2008-0180", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0180" "name": "ADV-2008-0180",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0180"
"name" : "1019218", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019218" "name": "SSRT061201",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
"name" : "28518", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28518" "name": "http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm",
}, "refsource": "MISC",
{ "url": "http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm"
"name" : "28556", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28556" "name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
} },
} {
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name": "28556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28556"
},
{
"name": "28518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28518"
},
{
"name": "20080130 PeteFinnigan.com Limited advisory for Oracle January 2008 CPU",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487322/100/100/threaded"
}
]
}
}

160
2008/0xxx/CVE-2008-0840.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0840", "ID": "CVE-2008-0840",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080217 lightblog 9.6 local file inclusion vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488283/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter."
{ }
"name" : "5140", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27837", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27837" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-0621", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/0621" ]
}, },
{ "references": {
"name" : "29017", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29017" "name": "ADV-2008-0621",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/0621"
} },
} {
"name": "5140",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5140"
},
{
"name": "27837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27837"
},
{
"name": "29017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29017"
},
{
"name": "20080217 lightblog 9.6 local file inclusion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488283/100/0/threaded"
}
]
}
}

180
2008/1xxx/CVE-2008-1148.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1148", "ID": "CVE-2008-1148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka \"Algorithm A0\"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf" "lang": "eng",
}, "value": "A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka \"Algorithm A0\"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting."
{ }
"name" : "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html", ]
"refsource" : "MISC", },
"url" : "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487658" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27647", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27647" ]
}, },
{ "references": {
"name" : "28819", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28819" "name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/487658"
"name" : "openbsd-prng-dns-spoofing(40329)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329" "name": "openbsd-add-weak-security(41157)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41157"
"name" : "openbsd-add-weak-security(41157)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41157" "name": "28819",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/28819"
} },
} {
"name": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "27647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27647"
}
]
}
}

200
2008/1xxx/CVE-2008-1445.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-1445", "ID": "CVE-2008-1445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493338/100/0/threaded" "lang": "eng",
}, "value": "Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request."
{ }
"name" : "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/493342/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS08-035", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-162B", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-162B.html" ]
}, },
{ "references": {
"name" : "29584", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29584" "name": "ADV-2008-1782",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1782"
"name" : "oval:org.mitre.oval:def:4910", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910" "name": "29584",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29584"
"name" : "ADV-2008-1782", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1782" "name": "1020229",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020229"
"name" : "1020229", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020229" "name": "20080613 Securify bulletin: Microsoft Active Directory Denial-of-service",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493338/100/0/threaded"
"name" : "30586", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30586" "name": "TA08-162B",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
} },
} {
"name": "MS08-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-035"
},
{
"name": "20080613 RE: Securify bulletin: Microsoft Active Directory Denial-of-service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493342/100/0/threaded"
},
{
"name": "30586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30586"
},
{
"name": "oval:org.mitre.oval:def:4910",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4910"
}
]
}
}

240
2008/1xxx/CVE-2008-1817.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1817", "ID": "CVE-2008-1817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080416 Oracle - SQL Injection in package SDO_IDX [DB07]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490920/100/0/threaded" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection."
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" ]
}, },
{ "references": {
"name" : "SSRT061201", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" "name": "oracle-cpu-april-2008(41858)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
"name" : "ADV-2008-1233", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1233/references" "name": "ADV-2008-1267",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1267/references"
"name" : "ADV-2008-1267", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1267/references" "name": "ADV-2008-1233",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1233/references"
"name" : "1019855", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019855" "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html"
"name" : "29874", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29874" "name": "1019855",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019855"
"name" : "29829", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29829" "name": "oracle-database-sdoidx-sql-injection(42001)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42001"
"name" : "oracle-cpu-april-2008(41858)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" "name": "29829",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29829"
"name" : "oracle-database-rdbms-info-disclosure(42002)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42002" "name": "HPSBMA02133",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
"name" : "oracle-database-sdoidx-sql-injection(42001)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42001" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
} },
} {
"name": "29874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29874"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"name": "20080416 Oracle - SQL Injection in package SDO_IDX [DB07]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490920/100/0/threaded"
},
{
"name": "oracle-database-rdbms-info-disclosure(42002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42002"
}
]
}
}

150
2008/1xxx/CVE-2008-1872.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1872", "ID": "CVE-2008-1872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5362", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5362" "lang": "eng",
}, "value": "SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "28622", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28622" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29697", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29697" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "newspublisher-index-sql-injection(41663)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41663" ]
} },
] "references": {
} "reference_data": [
} {
"name": "29697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29697"
},
{
"name": "28622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28622"
},
{
"name": "newspublisher-index-sql-injection(41663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41663"
},
{
"name": "5362",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5362"
}
]
}
}

140
2008/1xxx/CVE-2008-1985.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1985", "ID": "CVE-2008-1985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php."
{ }
"name" : "28918", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28918" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "digitalhive-base-xss(42006)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42006" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html",
"refsource": "MISC",
"url": "http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html"
},
{
"name": "28918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28918"
},
{
"name": "digitalhive-base-xss(42006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42006"
}
]
}
}

150
2008/4xxx/CVE-2008-4016.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2008-4016", "ID": "CVE-2008-4016",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors."
{ }
"name" : "33177", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33177" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-0115", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0115" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33525", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33525" ]
} },
] "references": {
} "reference_data": [
} {
"name": "33525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33525"
},
{
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}
}

180
2008/4xxx/CVE-2008-4402.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4402", "ID": "CVE-2008-4402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt" "lang": "eng",
}, "value": "Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31531", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31531" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2712", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2712" ]
}, },
{ "references": {
"name" : "1020974", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020974" "name": "31531",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31531"
"name" : "32097", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32097" "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3087_Readme.txt"
"name" : "trendmicro-officescan-cgi-dos(45608)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608" "name": "trendmicro-officescan-cgi-dos(45608)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45608"
} },
} {
"name": "32097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32097"
},
{
"name": "1020974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020974"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2439_Readme.txt"
},
{
"name": "ADV-2008-2712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2712"
}
]
}
}

220
2008/5xxx/CVE-2008-5238.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5238", "ID": "CVE-2008-5238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495674/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field."
{ }
"name" : "http://www.ocert.org/analysis/2008-008/analysis.txt", ]
"refsource" : "MISC", },
"url" : "http://www.ocert.org/analysis/2008-008/analysis.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=619869", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=619869" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-7512", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" ]
}, },
{ "references": {
"name" : "FEDORA-2008-7572", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" "name": "30797",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30797"
"name" : "SUSE-SR:2009:004", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" "name": "1020703",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020703"
"name" : "30797", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30797" "name": "xinelib-realparsemdpr-bo(44650)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650"
"name" : "1020703", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020703" "name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
}, "refsource": "MISC",
{ "url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
"name" : "31827", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31827" "name": "4648",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4648"
"name" : "4648", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4648" "name": "31827",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31827"
"name" : "xinelib-realparsemdpr-bo(44650)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44650" "name": "FEDORA-2008-7572",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
} },
} {
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}

160
2008/5xxx/CVE-2008-5560.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5560", "ID": "CVE-2008-5560",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7398", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7398" "lang": "eng",
}, "value": "PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb."
{ }
"name" : "50629", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/50629" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33067", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33067" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4725", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4725" ]
}, },
{ "references": {
"name" : "postecards-postcards-info-disclosure(47195)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47195" "name": "50629",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/50629"
} },
} {
"name": "4725",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4725"
},
{
"name": "7398",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7398"
},
{
"name": "postecards-postcards-info-disclosure(47195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47195"
},
{
"name": "33067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33067"
}
]
}
}

120
2013/0xxx/CVE-2013-0301.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0301", "ID": "CVE-2013-0301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-004/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-004/" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-004/"
}
]
}
}

130
2013/3xxx/CVE-2013-3422.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3422", "ID": "CVE-2013-3422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130712 Cisco Secure Access Control System Administration Page Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3422" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165."
{ }
"name" : "cisco-acs-cve20133422-xss(85623)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85623" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-acs-cve20133422-xss(85623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85623"
},
{
"name": "20130712 Cisco Secure Access Control System Administration Page Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3422"
}
]
}
}

180
2013/3xxx/CVE-2013-3728.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3728", "ID": "CVE-2013-3728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130703 Multiple Vulnerabilities in Kasseler CMS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2013/Jul/26" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php."
{ }
"name" : "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23158", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23158" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://diff.kasseler-cms.net/svn.html", ]
"refsource" : "CONFIRM", }
"url" : "http://diff.kasseler-cms.net/svn.html" ]
}, },
{ "references": {
"name" : "http://diff.kasseler-cms.net/svn/patches/1232.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://diff.kasseler-cms.net/svn/patches/1232.html" "name": "https://www.htbridge.com/advisory/HTB23158",
}, "refsource": "MISC",
{ "url": "https://www.htbridge.com/advisory/HTB23158"
"name" : "94780", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/94780" "name": "kasselercms-cve20133728-admin-xss(85408)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85408"
"name" : "kasselercms-cve20133728-admin-xss(85408)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85408" "name": "20130703 Multiple Vulnerabilities in Kasseler CMS",
} "refsource": "BUGTRAQ",
] "url": "http://seclists.org/bugtraq/2013/Jul/26"
} },
} {
"name": "http://diff.kasseler-cms.net/svn.html",
"refsource": "CONFIRM",
"url": "http://diff.kasseler-cms.net/svn.html"
},
{
"name": "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html"
},
{
"name": "http://diff.kasseler-cms.net/svn/patches/1232.html",
"refsource": "CONFIRM",
"url": "http://diff.kasseler-cms.net/svn/patches/1232.html"
},
{
"name": "94780",
"refsource": "OSVDB",
"url": "http://osvdb.org/94780"
}
]
}
}

170
2013/4xxx/CVE-2013-4160.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4160", "ID": "CVE-2013-4160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[distro-pkg-dev] 20130708 [SECURITY] IcedTea 2.4.1 for OpenJDK 7 Released!", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html" "lang": "eng",
}, "value": "Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed."
{ }
"name" : "[oss-security] 20130718 CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2013/07/18/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20130722 Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2013/07/22/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9" ]
}, },
{ "references": {
"name" : "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9" "name": "[oss-security] 20130718 CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2013/07/18/7"
"name" : "USN-1911-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1911-1" "name": "[distro-pkg-dev] 20130708 [SECURITY] IcedTea 2.4.1 for OpenJDK 7 Released!",
} "refsource": "MLIST",
] "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html"
} },
} {
"name": "USN-1911-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1911-1"
},
{
"name": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9"
},
{
"name": "[oss-security] 20130722 Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/07/22/1"
}
]
}
}

120
2013/4xxx/CVE-2013-4888.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4888", "ID": "CVE-2013-4888",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html"
}
]
}
}

34
2013/6xxx/CVE-2013-6158.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6158", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6158",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6262.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6262", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6262",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

440
2013/6xxx/CVE-2013-6630.json
View File

@ -1,222 +1,222 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6630", "ID": "CVE-2013-6630",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131112 bugs in IJG jpeg6b & libjpeg-turbo", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html" "lang": "eng",
}, "value": "The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image."
{ }
"name" : "http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8", ]
"refsource" : "CONFIRM", },
"url" : "http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=299835", ]
"refsource" : "CONFIRM", }
"url" : "https://code.google.com/p/chromium/issues/detail?id=299835" ]
}, },
{ "references": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html" "name": "20131112 bugs in IJG jpeg6b & libjpeg-turbo",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=891693", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=891693" "name": "openSUSE-SU-2013:1958",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html"
"name" : "http://advisories.mageia.org/MGASA-2013-0333.html", },
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2013-0333.html" "name": "RHSA-2013:1803",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1803.html"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "name": "openSUSE-SU-2013:1957",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html"
"name" : "DSA-2799", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2799" "name": "56175",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56175"
"name" : "FEDORA-2013-23127", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" "name": "FEDORA-2013-23127",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html"
"name" : "FEDORA-2013-23291", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html" "name": "openSUSE-SU-2014:0065",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name" : "FEDORA-2013-23295", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html" "name": "FEDORA-2013-23519",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html"
"name" : "FEDORA-2013-23519", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" "name": "1029470",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029470"
"name" : "GLSA-201606-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201606-03" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=891693",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=891693"
"name" : "MDVSA-2013:273", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273" "name": "openSUSE-SU-2013:1917",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html"
"name" : "RHSA-2013:1803", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1803.html" "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-116.html"
"name" : "openSUSE-SU-2013:1776", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" "name": "openSUSE-SU-2013:1959",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html"
"name" : "openSUSE-SU-2013:1777", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "openSUSE-SU-2013:1861", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" "name": "openSUSE-SU-2013:1916",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html"
"name" : "openSUSE-SU-2013:1957", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html" "name": "openSUSE-SU-2014:0008",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html"
"name" : "openSUSE-SU-2013:1958", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html" "name": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html"
"name" : "openSUSE-SU-2013:1959", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html" "name": "1029476",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029476"
"name" : "openSUSE-SU-2014:0008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" "name": "openSUSE-SU-2013:1776",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"
"name" : "openSUSE-SU-2013:1916", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" "name": "GLSA-201606-03",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201606-03"
"name" : "openSUSE-SU-2013:1917", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" "name": "openSUSE-SU-2013:1918",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html"
"name" : "openSUSE-SU-2013:1918", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" "name": "FEDORA-2013-23291",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html"
"name" : "openSUSE-SU-2014:0065", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" "name": "USN-2052-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2052-1"
"name" : "USN-2052-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2052-1" "name": "DSA-2799",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2799"
"name" : "USN-2053-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2053-1" "name": "openSUSE-SU-2013:1861",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
"name" : "USN-2060-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2060-1" "name": "http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8",
}, "refsource": "CONFIRM",
{ "url": "http://git.chromium.org/gitweb/?p=chromium/deps/libjpeg_turbo.git;a=commit;h=32cab49bd4cb1ce069a435fd75f9439c34ddc6f8"
"name" : "1029470", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029470" "name": "openSUSE-SU-2013:1777",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html"
"name" : "1029476", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029476" "name": "https://code.google.com/p/chromium/issues/detail?id=299835",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=299835"
"name" : "56175", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56175" "name": "http://advisories.mageia.org/MGASA-2013-0333.html",
} "refsource": "CONFIRM",
] "url": "http://advisories.mageia.org/MGASA-2013-0333.html"
} },
} {
"name": "MDVSA-2013:273",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:273"
},
{
"name": "USN-2060-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2060-1"
},
{
"name": "USN-2053-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2053-1"
},
{
"name": "FEDORA-2013-23295",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html"
}
]
}
}

160
2013/6xxx/CVE-2013-6793.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6793", "ID": "CVE-2013-6793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131029 Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2013/Oct/154" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field."
{ }
"name" : "29279", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/29279" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/123825/Olat-CMS-7.8.0.1-Cross-Site-Scripting.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/123825/Olat-CMS-7.8.0.1-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vulnerability-lab.com/get_content.php?id=1125", ]
"refsource" : "MISC", }
"url" : "http://www.vulnerability-lab.com/get_content.php?id=1125" ]
}, },
{ "references": {
"name" : "99075", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99075" "name": "29279",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/29279"
} },
} {
"name": "99075",
"refsource": "OSVDB",
"url": "http://osvdb.org/99075"
},
{
"name": "http://packetstormsecurity.com/files/123825/Olat-CMS-7.8.0.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123825/Olat-CMS-7.8.0.1-Cross-Site-Scripting.html"
},
{
"name": "20131029 Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Oct/154"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1125",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1125"
}
]
}
}

120
2013/6xxx/CVE-2013-6918.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6918", "ID": "CVE-2013-6918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the \"Web Management via WAN\" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131122 Unauthorized console access on Satechi travel router v1.5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0123.html" "lang": "eng",
} "value": "The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the \"Web Management via WAN\" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131122 Unauthorized console access on Satechi travel router v1.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0123.html"
}
]
}
}

170
2013/7xxx/CVE-2013-7009.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7009", "ID": "CVE-2013-7009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2013/11/26/7" "lang": "eng",
}, "value": "The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data."
{ }
"name" : "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2013/12/08/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://ffmpeg.org/security.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://ffmpeg.org/security.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34" ]
}, },
{ "references": {
"name" : "https://trac.ffmpeg.org/ticket/2850", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://trac.ffmpeg.org/ticket/2850" "name": "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34"
"name" : "GLSA-201603-06", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-06" "name": "GLSA-201603-06",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201603-06"
} },
} {
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "[oss-security] 20131208 Re: CVE Request: FFmpeg 2.1 multiple problems",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/08/3"
},
{
"name": "https://trac.ffmpeg.org/ticket/2850",
"refsource": "CONFIRM",
"url": "https://trac.ffmpeg.org/ticket/2850"
},
{
"name": "[oss-security] 20131126 CVE Request: FFmpeg 2.1 multiple problems",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/11/26/7"
}
]
}
}

140
2013/7xxx/CVE-2013-7243.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7243", "ID": "CVE-2013-7243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/124711", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/124711" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621."
{ }
"name" : "101922", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/101922" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "getsimplecms-cve20137243-xss(90191)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90191" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "getsimplecms-cve20137243-xss(90191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90191"
},
{
"name": "http://packetstormsecurity.com/files/124711",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124711"
},
{
"name": "101922",
"refsource": "OSVDB",
"url": "http://osvdb.org/101922"
}
]
}
}

200
2013/7xxx/CVE-2013-7303.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2013-7303", "ID": "CVE-2013-7303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140120 CVE request: spip: cross-site scripting vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q1/123" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field."
{ }
"name" : "[oss-security] 20140120 Re: CVE request: spip: cross-site scripting vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2014/q1/128" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://core.spip.org/projects/spip/repository/revisions/20902", "description": [
"refsource" : "CONFIRM", {
"url" : "http://core.spip.org/projects/spip/repository/revisions/20902" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.spip.net/fr_article5648.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.spip.net/fr_article5648.html" ]
}, },
{ "references": {
"name" : "http://www.spip.net/fr_article5665.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.spip.net/fr_article5665.html" "name": "56381",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56381"
"name" : "http://zone.spip.org/trac/spip-zone/changeset/77768", },
"refsource" : "CONFIRM", {
"url" : "http://zone.spip.org/trac/spip-zone/changeset/77768" "name": "http://core.spip.org/projects/spip/repository/revisions/20902",
}, "refsource": "CONFIRM",
{ "url": "http://core.spip.org/projects/spip/repository/revisions/20902"
"name" : "1029703", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029703" "name": "spip-cve20137303-xss(90643)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643"
"name" : "56381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56381" "name": "1029703",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029703"
"name" : "spip-cve20137303-xss(90643)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90643" "name": "[oss-security] 20140120 Re: CVE request: spip: cross-site scripting vulnerability",
} "refsource": "MLIST",
] "url": "http://seclists.org/oss-sec/2014/q1/128"
} },
} {
"name": "http://www.spip.net/fr_article5665.html",
"refsource": "CONFIRM",
"url": "http://www.spip.net/fr_article5665.html"
},
{
"name": "http://zone.spip.org/trac/spip-zone/changeset/77768",
"refsource": "CONFIRM",
"url": "http://zone.spip.org/trac/spip-zone/changeset/77768"
},
{
"name": "http://www.spip.net/fr_article5648.html",
"refsource": "CONFIRM",
"url": "http://www.spip.net/fr_article5648.html"
},
{
"name": "[oss-security] 20140120 CVE request: spip: cross-site scripting vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/123"
}
]
}
}

288
2017/10xxx/CVE-2017-10110.json
View File

@ -1,146 +1,146 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10110", "ID": "CVE-2017-10110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE: 6u151" "version_value": "Java SE: 6u151"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "7u141" "version_value": "7u141"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8u131" "version_value": "8u131"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3919", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3919" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
{ }
"name" : "DSA-3954", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3954" ]
}, },
{ "references": {
"name" : "GLSA-201709-22", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-22" "name": "RHSA-2017:1791",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1791"
"name" : "RHSA-2017:3453", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3453" "name": "RHSA-2017:1790",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1790"
"name" : "RHSA-2017:1789", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1789" "name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
"name" : "RHSA-2017:1790", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1790" "name": "RHSA-2017:1789",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1789"
"name" : "RHSA-2017:1791", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1791" "name": "RHSA-2017:2424",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2424"
"name" : "RHSA-2017:1792", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1792" "name": "1038931",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038931"
"name" : "RHSA-2017:2424", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2424" "name": "99643",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99643"
"name" : "RHSA-2017:2469", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2469" "name": "RHSA-2017:1792",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1792"
"name" : "RHSA-2017:2481", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2481" "name": "GLSA-201709-22",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-22"
"name" : "RHSA-2017:2530", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2530" "name": "DSA-3919",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3919"
"name" : "99643", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99643" "name": "RHSA-2017:2481",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2481"
"name" : "1038931", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038931" "name": "RHSA-2017:2530",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:2530"
} },
} {
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "RHSA-2017:2469",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2469"
},
{
"name": "DSA-3954",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3954"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

166
2017/10xxx/CVE-2017-10336.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10336", "ID": "CVE-2017-10336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebLogic Server", "product_name": "WebLogic Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "10.3.6.0.0" "version_value": "10.3.6.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3.0.0" "version_value": "12.1.3.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.1.0" "version_value": "12.2.1.1.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.2.0" "version_value": "12.2.1.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
{ }
"name" : "101392", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101392" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039608", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039608" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039608"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101392"
}
]
}
}

34
2017/10xxx/CVE-2017-10573.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10573", "ID": "CVE-2017-10573",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/10xxx/CVE-2017-10832.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10832", "ID": "CVE-2017-10832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "\"Dokodemo eye Smart HD\" SCR02HD", "product_name": "\"Dokodemo eye Smart HD\" SCR02HD",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Firmware 1.0.3.1000 and earlier" "version_value": "Firmware 1.0.3.1000 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NIPPON ANTENNA Co., Ltd" "vendor_name": "NIPPON ANTENNA Co., Ltd"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "\"Dokodemo eye Smart HD\" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf" "lang": "eng",
}, "value": "\"Dokodemo eye Smart HD\" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
{ }
"name" : "JVN#87410770", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN87410770/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf",
"refsource": "MISC",
"url": "http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf"
},
{
"name": "JVN#87410770",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN87410770/index.html"
}
]
}
}

156
2017/13xxx/CVE-2017-13186.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-13186", "ID": "CVE-2017-13186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9" "lang": "eng",
}, "value": "A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716."
{ }
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}

34
2017/13xxx/CVE-2017-13339.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13339", "ID": "CVE-2017-13339",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13376.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13376", "ID": "CVE-2017-13376",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13425.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13425", "ID": "CVE-2017-13425",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/13xxx/CVE-2017-13697.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13697", "ID": "CVE-2017-13697",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bendawang.site/article/The-latest-version-of-finecms-unlimited-XSS", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.bendawang.site/article/The-latest-version-of-finecms-unlimited-XSS" "lang": "eng",
} "value": "controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bendawang.site/article/The-latest-version-of-finecms-unlimited-XSS",
"refsource": "MISC",
"url": "http://www.bendawang.site/article/The-latest-version-of-finecms-unlimited-XSS"
}
]
}
}

34
2017/17xxx/CVE-2017-17118.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17118", "ID": "CVE-2017-17118",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/17xxx/CVE-2017-17292.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17292", "ID": "CVE-2017-17292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,MAX PRESENCE,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206", "product_name": "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,MAX PRESENCE,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10" "version_value": "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a denial of service vulnerability in the specific module. An authenticated, local attacker may craft a specific XML file to the affected products. Due to improper handling of input, successful exploit will cause some service abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en" "lang": "eng",
} "value": "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a denial of service vulnerability in the specific module. An authenticated, local attacker may craft a specific XML file to the affected products. Due to improper handling of input, successful exploit will cause some service abnormal."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en"
}
]
}
}

130
2017/17xxx/CVE-2017-17614.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17614", "ID": "CVE-2017-17614",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Food Order Script 1.0 has SQL Injection via the /list city parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43281", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43281/" "lang": "eng",
}, "value": "Food Order Script 1.0 has SQL Injection via the /list city parameter."
{ }
"name" : "https://packetstormsecurity.com/files/145321/Food-Order-Script-1.0-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/145321/Food-Order-Script-1.0-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43281",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43281/"
},
{
"name": "https://packetstormsecurity.com/files/145321/Food-Order-Script-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145321/Food-Order-Script-1.0-SQL-Injection.html"
}
]
}
}

132
2017/17xxx/CVE-2017-17766.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00", "DATE_PUBLIC": "2018-03-26T00:00:00",
"ID" : "CVE-2017-17766", "ID": "CVE-2017-17766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow to Buffer Overflow in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a37d8a78f5bd0e9a2c91de46721a6d80bd229a43", "description_data": [
"refsource" : "MISC", {
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a37d8a78f5bd0e9a2c91de46721a6d80bd229a43" "lang": "eng",
}, "value": "In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow."
{ }
"name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a37d8a78f5bd0e9a2c91de46721a6d80bd229a43",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a37d8a78f5bd0e9a2c91de46721a6d80bd229a43"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
}
]
}
}

140
2018/0xxx/CVE-2018-0211.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0211", "ID": "CVE-2018-0211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Identity Services Engine", "product_name": "Cisco Identity Services Engine",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Identity Services Engine" "version_value": "Cisco Identity Services Engine"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise" "lang": "eng",
}, "value": "A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992."
{ }
"name" : "103334", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103334" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040471", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040471" "lang": "eng",
} "value": "CWE-20"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise"
},
{
"name": "1040471",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040471"
},
{
"name": "103334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103334"
}
]
}
}

140
2018/0xxx/CVE-2018-0267.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0267", "ID": "CVE-2018-0267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Unified Communications Manager", "product_name": "Cisco Unified Communications Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Unified Communications Manager" "version_value": "Cisco Unified Communications Manager"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1" "lang": "eng",
}, "value": "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116."
{ }
"name" : "103937", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103937" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040719", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040719" "lang": "eng",
} "value": "CWE-200"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1040719",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040719"
},
{
"name": "103937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103937"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1"
}
]
}
}

130
2018/0xxx/CVE-2018-0607.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0607", "ID": "CVE-2018-0607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cybozu Garoon", "product_name": "Cybozu Garoon",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.5.0 to 4.6.2" "version_value": "3.5.0 to 4.6.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cybozu, Inc." "vendor_name": "Cybozu, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.cybozu.support/article/33120/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.cybozu.support/article/33120/" "lang": "eng",
}, "value": "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "JVN#13415512", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN13415512/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#13415512",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"name": "https://kb.cybozu.support/article/33120/",
"refsource": "CONFIRM",
"url": "https://kb.cybozu.support/article/33120/"
}
]
}
}

130
2018/18xxx/CVE-2018-18581.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18581", "ID": "CVE-2018-18581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/grandnew/software-vulnerabilities/tree/master/LuPng#heap-buffer-overflow-in-function-internalprintf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/grandnew/software-vulnerabilities/tree/master/LuPng#heap-buffer-overflow-in-function-internalprintf" "lang": "eng",
}, "value": "An issue has been found in LuPng through 2017-03-10. It is a heap-based buffer over-read in internalPrintf in miniz/lupng.c."
{ }
"name" : "https://github.com/jansol/LuPng/issues/7", ]
"refsource" : "MISC", },
"url" : "https://github.com/jansol/LuPng/issues/7" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jansol/LuPng/issues/7",
"refsource": "MISC",
"url": "https://github.com/jansol/LuPng/issues/7"
},
{
"name": "https://github.com/grandnew/software-vulnerabilities/tree/master/LuPng#heap-buffer-overflow-in-function-internalprintf",
"refsource": "MISC",
"url": "https://github.com/grandnew/software-vulnerabilities/tree/master/LuPng#heap-buffer-overflow-in-function-internalprintf"
}
]
}
}

34
2018/18xxx/CVE-2018-18613.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18613", "ID": "CVE-2018-18613",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/18xxx/CVE-2018-18730.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18730", "ID": "CVE-2018-18730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md" "lang": "eng",
} "value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md",
"refsource": "MISC",
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md"
}
]
}
}

132
2018/19xxx/CVE-2018-19014.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-22T00:00:00", "DATE_PUBLIC": "2019-01-22T00:00:00",
"ID" : "CVE-2018-19014", "ID": "CVE-2018-19014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Dräger Infinity Delta", "product_name": "Dräger Infinity Delta",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions." "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01" "lang": "eng",
}, "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
{ }
"name" : "106683", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106683" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
},
{
"name": "106683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106683"
}
]
}
}

150
2018/19xxx/CVE-2018-19149.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19149", "ID": "CVE-2018-19149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/664", "description_data": [
"refsource" : "MISC", {
"url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/664" "lang": "eng",
}, "value": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
{ }
"name" : "USN-3837-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3837-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3837-2", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3837-2/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "106031", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/106031" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/664",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/664"
},
{
"name": "106031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106031"
},
{
"name": "USN-3837-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-2/"
},
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
}
]
}
}

34
2018/19xxx/CVE-2018-19152.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19152", "ID": "CVE-2018-19152",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

184
2018/19xxx/CVE-2018-19638.json
View File

@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@suse.de", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2019-02-21T00:00:00.000Z", "DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
"ID" : "CVE-2018-19638", "ID": "CVE-2018-19638",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "User can overwrite arbitrary log files in support tar" "TITLE": "User can overwrite arbitrary log files in support tar"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "supportutils", "product_name": "supportutils",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "3.1-5.7.1" "version_value": "3.1-5.7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SUSE" "vendor_name": "SUSE"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Johannes Segitz of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.2,
"baseSeverity" : "LOW",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-377"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Johannes Segitz of SUSE"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1118460", }
"refsource" : "CONFIRM", ],
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1118460" "data_format": "MITRE",
} "data_type": "CVE",
] "data_version": "4.0",
}, "description": {
"source" : { "description_data": [
"advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1118460", {
"defect" : [ "lang": "eng",
"1118460" "value": "In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files."
], }
"discovery" : "INTERNAL" ]
} },
} "impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1118460",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1118460"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1118460",
"defect": [
"1118460"
],
"discovery": "INTERNAL"
}
}

130
2018/1xxx/CVE-2018-1173.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-1173", "ID": "CVE-2018-1173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.29935" "version_value": "9.0.0.29935"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5436."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-311", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-311" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5436."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-311",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-311"
}
]
}
}

122
2018/1xxx/CVE-2018-1231.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00", "DATE_PUBLIC": "2018-03-26T00:00:00",
"ID" : "CVE-2018-1231", "ID": "CVE-2018-1231",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.cloudfoundry.org/blog/cve-2018-1231/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.cloudfoundry.org/blog/cve-2018-1231/" "lang": "eng",
} "value": "Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2018-1231/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-1231/"
}
]
}
}

34
2018/1xxx/CVE-2018-1634.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1634", "ID": "CVE-2018-1634",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/5xxx/CVE-2018-5303.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5303", "ID": "CVE-2018-5303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.isecurion.com/2018/05/09/impinj-speedway-r420-rfid-reader/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.isecurion.com/2018/05/09/impinj-speedway-r420-rfid-reader/" "lang": "eng",
} "value": "An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.isecurion.com/2018/05/09/impinj-speedway-r420-rfid-reader/",
"refsource": "MISC",
"url": "http://blog.isecurion.com/2018/05/09/impinj-speedway-r420-rfid-reader/"
}
]
}
}