admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:34:26 +00:00
parent 8a44456dc4
commit a5acd57c0f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3575 additions and 3575 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2008/0xxx/CVE-2008-0112.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-0112", "ID": "CVE-2008-0112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka \"Excel File Import Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02320", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka \"Excel File Import Vulnerability.\""
{ }
"name" : "SSRT080028", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS08-014", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-071A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-071A.html" ]
}, },
{ "references": {
"name" : "28095", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28095" "name": "1019583",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019583"
"name" : "ADV-2008-0846", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0846/references" "name": "TA08-071A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
"name" : "oval:org.mitre.oval:def:5284", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5284" "name": "oval:org.mitre.oval:def:5284",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5284"
"name" : "1019583", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019583" "name": "MS08-014",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
} },
} {
"name": "SSRT080028",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name": "HPSBST02320",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name": "28095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28095"
},
{
"name": "ADV-2008-0846",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0846/references"
}
]
}
}

190
2008/0xxx/CVE-2008-0151.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0151", "ID": "CVE-2008-0151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080104 Some DoS in some telnet servers", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485812/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options."
{ }
"name" : "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/488366/100/200/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.altervista.org/adv/waccaz-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/waccaz-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://aluigi.altervista.org/adv/wachof-adv.txt", ]
"refsource" : "MISC", }
"url" : "http://aluigi.altervista.org/adv/wachof-adv.txt" ]
}, },
{ "references": {
"name" : "27142", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27142" "name": "3525",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3525"
"name" : "28272", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28272" "name": "27142",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27142"
"name" : "3525", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3525" "name": "wacserver-option-dos(39427)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39427"
"name" : "wacserver-option-dos(39427)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39427" "name": "http://aluigi.altervista.org/adv/waccaz-adv.txt",
} "refsource": "MISC",
] "url": "http://aluigi.altervista.org/adv/waccaz-adv.txt"
} },
} {
"name": "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488366/100/200/threaded"
},
{
"name": "20080104 Some DoS in some telnet servers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485812/100/0/threaded"
},
{
"name": "28272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28272"
},
{
"name": "http://aluigi.altervista.org/adv/wachof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/wachof-adv.txt"
}
]
}
}

160
2008/0xxx/CVE-2008-0543.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0543", "ID": "CVE-2008-0543",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080124 Pre Dynamic Institution bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487054/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information."
{ }
"name" : "27451", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27451" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28651", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28651" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3603", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3603" ]
}, },
{ "references": {
"name" : "predynamic-login-sql-injection(39942)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39942" "name": "predynamic-login-sql-injection(39942)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39942"
} },
} {
"name": "28651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28651"
},
{
"name": "3603",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3603"
},
{
"name": "20080124 Pre Dynamic Institution bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487054/100/0/threaded"
},
{
"name": "27451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27451"
}
]
}
}

170
2008/0xxx/CVE-2008-0661.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0661", "ID": "CVE-2008-0661",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080205 dBpowerAMP Audio Player Release 2 Remote Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487605/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569."
{ }
"name" : "5067", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5067" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5069", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5069" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27635", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27635" ]
}, },
{ "references": {
"name" : "27639", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27639" "name": "5067",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5067"
"name" : "3623", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3623" "name": "5069",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/5069"
} },
} {
"name": "27639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27639"
},
{
"name": "20080205 dBpowerAMP Audio Player Release 2 Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487605/100/0/threaded"
},
{
"name": "3623",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3623"
},
{
"name": "27635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27635"
}
]
}
}

180
2008/1xxx/CVE-2008-1092.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-1092", "ID": "CVE-2008-1092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02336", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" "lang": "eng",
}, "value": "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026."
{ }
"name" : "SSRT080071", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS08-028", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "950627", ]
"refsource" : "MSKB", }
"url" : "http://www.microsoft.com/technet/security/advisory/950627.mspx" ]
}, },
{ "references": {
"name" : "VU#936529", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/936529" "name": "1019686",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019686"
"name" : "1019686", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019686" "name": "VU#936529",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/936529"
"name" : "microsoft-jet-msjet40-bo(41380)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41380" "name": "MS08-028",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
} },
} {
"name": "microsoft-jet-msjet40-bo(41380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41380"
},
{
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
},
{
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
},
{
"name": "950627",
"refsource": "MSKB",
"url": "http://www.microsoft.com/technet/security/advisory/950627.mspx"
}
]
}
}

140
2008/1xxx/CVE-2008-1119.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1119", "ID": "CVE-2008-1119",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5204", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5204" "lang": "eng",
}, "value": "Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter."
{ }
"name" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28022", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28022" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html",
"refsource": "CONFIRM",
"url": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html"
},
{
"name": "5204",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5204"
},
{
"name": "28022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28022"
}
]
}
}

140
2008/1xxx/CVE-2008-1470.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1470", "ID": "CVE-2008-1470",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080317 Security Advisory on RSA Web ID (XSS)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489691/100/0/threaded" "lang": "eng",
}, "value": "Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118."
{ }
"name" : "28277", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28277" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3768", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3768" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20080317 Security Advisory on RSA Web ID (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489691/100/0/threaded"
},
{
"name": "28277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28277"
},
{
"name": "3768",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3768"
}
]
}
}

180
2008/1xxx/CVE-2008-1589.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1589", "ID": "CVE-2008-1589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2008-07-11", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html" "lang": "eng",
}, "value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
{ }
"name" : "JVN#88676089", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN88676089/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2008-000039", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30186", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/30186" ]
}, },
{ "references": {
"name" : "ADV-2008-2094", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2094/references" "name": "ipod-iphone-certificate-info-disclosure(43734)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
"name" : "31074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31074" "name": "30186",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30186"
"name" : "ipod-iphone-certificate-info-disclosure(43734)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734" "name": "JVN#88676089",
} "refsource": "JVN",
] "url": "http://jvn.jp/en/jp/JVN88676089/index.html"
} },
} {
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "JVNDB-2008-000039",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}

150
2008/1xxx/CVE-2008-1757.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1757", "ID": "CVE-2008-1757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080404 KwsPHP Module ConcoursPhoto XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490470/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter."
{ }
"name" : "28612", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28612" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3809", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3809" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "concoursphoto-index-xss(41814)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41814" ]
} },
] "references": {
} "reference_data": [
} {
"name": "3809",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3809"
},
{
"name": "28612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28612"
},
{
"name": "concoursphoto-index-xss(41814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41814"
},
{
"name": "20080404 KwsPHP Module ConcoursPhoto XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490470/100/0/threaded"
}
]
}
}

150
2008/4xxx/CVE-2008-4045.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4045", "ID": "CVE-2008-4045",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php."
{ }
"name" : "31720", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/31720" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31727", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31727" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "atmail-parse-showmail-abook-xss(44860)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44860" ]
} },
] "references": {
} "reference_data": [
} {
"name": "atmail-parse-showmail-abook-xss(44860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44860"
},
{
"name": "31720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31720"
},
{
"name": "31727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31727"
},
{
"name": "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt"
}
]
}
}

160
2008/4xxx/CVE-2008-4461.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4461", "ID": "CVE-2008-4461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6388", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6388" "lang": "eng",
}, "value": "SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter."
{ }
"name" : "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html", ]
"refsource" : "MISC", },
"url" : "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31043", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31043" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31747", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31747" ]
}, },
{ "references": {
"name" : "datingzone-advancedsearch-sql-injection(44946)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44946" "name": "31043",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/31043"
} },
} {
"name": "datingzone-advancedsearch-sql-injection(44946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44946"
},
{
"name": "6388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6388"
},
{
"name": "31747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31747"
},
{
"name": "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html",
"refsource": "MISC",
"url": "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html"
}
]
}
}

170
2008/4xxx/CVE-2008-4641.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4641", "ID": "CVE-2008-4641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081015 CVE request: jhead", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/15/5" "lang": "eng",
}, "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
{ }
"name" : "[oss-security] 20081015 Re: CVE request: jhead", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/10/15/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20081016 Re: CVE request: jhead", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/16/3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20081127 Re: CVE request: jhead", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2008/11/26/4" ]
}, },
{ "references": {
"name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" "name": "31921",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31921"
"name" : "31921", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31921" "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
} "refsource": "CONFIRM",
] "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
} },
} {
"name": "[oss-security] 20081015 CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
},
{
"name": "[oss-security] 20081127 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
},
{
"name": "[oss-security] 20081016 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
},
{
"name": "[oss-security] 20081015 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
}
]
}
}

160
2008/5xxx/CVE-2008-5424.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5424", "ID": "CVE-2008-5424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081208 DoS attacks on MIME-capable software via complex MIME emails", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499038/100/0/threaded" "lang": "eng",
}, "value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
{ }
"name" : "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/499045/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro", "description": [
"refsource" : "MISC", {
"url" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32702", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/32702" ]
}, },
{ "references": {
"name" : "4721", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4721" "name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
} "refsource": "MISC",
] "url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
} },
} {
"name": "4721",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
]
}
}

34
2013/2xxx/CVE-2013-2060.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2060", "ID": "CVE-2013-2060",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2013/3xxx/CVE-2013-3194.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3194", "ID": "CVE-2013-3194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-059", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "TA13-225A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18267", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18267" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name": "oval:org.mitre.oval:def:18267",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18267"
},
{
"name": "TA13-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
}
]
}
}

180
2013/3xxx/CVE-2013-3369.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3369", "ID": "CVE-2013-3369",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rt-announce] 20130522 RT 3.8.17 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" "lang": "eng",
}, "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors."
{ }
"name" : "[rt-announce] 20130522 RT 4.0.13 released", ]
"refsource" : "MLIST", },
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[rt-announce] 20130522 Security vulnerabilities in RT", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2670", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2670" ]
}, },
{ "references": {
"name" : "93610", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/93610" "name": "[rt-announce] 20130522 RT 3.8.17 released",
}, "refsource": "MLIST",
{ "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html"
"name" : "53505", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53505" "name": "93610",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/93610"
"name" : "53522", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53522" "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
} "refsource": "MLIST",
] "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
} },
} {
"name": "[rt-announce] 20130522 RT 4.0.13 released",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
},
{
"name": "53505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53505"
},
{
"name": "DSA-2670",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2670"
},
{
"name": "53522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53522"
}
]
}
}

34
2013/3xxx/CVE-2013-3516.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3516", "ID": "CVE-2013-3516",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2013/3xxx/CVE-2013-3533.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3533", "ID": "CVE-2013-3533",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130402 NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0011.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "58816", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/58816" ]
}, },
{ "references": {
"name" : "91887", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/91887" "name": "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf",
}, "refsource": "MISC",
{ "url": "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf"
"name" : "52801", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52801" "name": "20130402 NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0011.html"
"name" : "virtualaccess-unspecified-sql-injection(83179)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83179" "name": "58816",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/58816"
} },
} {
"name": "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html"
},
{
"name": "91887",
"refsource": "OSVDB",
"url": "http://osvdb.org/91887"
},
{
"name": "virtualaccess-unspecified-sql-injection(83179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83179"
},
{
"name": "52801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52801"
}
]
}
}

200
2013/4xxx/CVE-2013-4344.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4344", "ID": "CVE-2013-4344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/10/02/2" "lang": "eng",
}, "value": "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command."
{ }
"name" : "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released", ]
"refsource" : "MLIST", },
"url" : "http://article.gmane.org/gmane.comp.emulators.qemu/237191" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1553", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1553.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1754", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1754.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2014:1279", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" "name": "openSUSE-SU-2014:1281",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
"name" : "openSUSE-SU-2014:1281", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" "name": "62773",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/62773"
"name" : "USN-2092-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2092-1" "name": "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released",
}, "refsource": "MLIST",
{ "url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
"name" : "62773", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/62773" "name": "openSUSE-SU-2014:1279",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
"name" : "98028", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/98028" "name": "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
} },
} {
"name": "98028",
"refsource": "OSVDB",
"url": "http://osvdb.org/98028"
},
{
"name": "RHSA-2013:1754",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
},
{
"name": "RHSA-2013:1553",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
},
{
"name": "USN-2092-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2092-1"
}
]
}
}

210
2013/4xxx/CVE-2013-4421.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4421", "ID": "CVE-2013-4421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/10/11/4" "lang": "eng",
}, "value": "The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed."
{ }
"name" : "https://matt.ucc.asn.au/dropbear/CHANGES", ]
"refsource" : "CONFIRM", },
"url" : "https://matt.ucc.asn.au/dropbear/CHANGES" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f", "description": [
"refsource" : "CONFIRM", {
"url" : "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.citrix.com/article/CTX216642", ]
"refsource" : "CONFIRM", }
"url" : "https://support.citrix.com/article/CTX216642" ]
}, },
{ "references": {
"name" : "FEDORA-2013-18593", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html" "name": "55173",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55173"
"name" : "FEDORA-2013-18606", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html" "name": "https://matt.ucc.asn.au/dropbear/CHANGES",
}, "refsource": "CONFIRM",
{ "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
"name" : "openSUSE-SU-2013:1616", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html" "name": "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f",
}, "refsource": "CONFIRM",
{ "url": "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f"
"name" : "openSUSE-SU-2013:1696", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html" "name": "FEDORA-2013-18593",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html"
"name" : "62958", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/62958" "name": "openSUSE-SU-2013:1696",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"
"name" : "55173", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55173" "name": "62958",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/62958"
} },
} {
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "FEDORA-2013-18606",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html"
},
{
"name": "openSUSE-SU-2013:1616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"
},
{
"name": "[oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/11/4"
}
]
}
}

120
2013/4xxx/CVE-2013-4754.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4754", "ID": "CVE-2013-4754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.xchg.info/?p=400", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.xchg.info/?p=400" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xchg.info/?p=400",
"refsource": "MISC",
"url": "http://www.xchg.info/?p=400"
}
]
}
}

180
2013/6xxx/CVE-2013-6395.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6395", "ID": "CVE-2013-6395",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q4/346" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.rusty-ice.de/advisory/advisory_2013002.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.rusty-ice.de/advisory/advisory_2013002.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/ganglia/ganglia-web/issues/218", ]
"refsource" : "MISC", }
"url" : "https://github.com/ganglia/ganglia-web/issues/218" ]
}, },
{ "references": {
"name" : "100380", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/100380" "name": "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2013/q4/346"
"name" : "55854", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55854" "name": "https://github.com/ganglia/ganglia-web/issues/218",
}, "refsource": "MISC",
{ "url": "https://github.com/ganglia/ganglia-web/issues/218"
"name" : "gangliaweb-cve20136395-xss(89272)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507",
} "refsource": "MISC",
] "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507"
} },
} {
"name": "gangliaweb-cve20136395-xss(89272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272"
},
{
"name": "55854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55854"
},
{
"name": "http://www.rusty-ice.de/advisory/advisory_2013002.txt",
"refsource": "MISC",
"url": "http://www.rusty-ice.de/advisory/advisory_2013002.txt"
},
{
"name": "100380",
"refsource": "OSVDB",
"url": "http://osvdb.org/100380"
}
]
}
}

34
2013/6xxx/CVE-2013-6533.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6533", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6533",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6586.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6586", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6586",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

170
2013/7xxx/CVE-2013-7188.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7188", "ID": "CVE-2013-7188",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/", ]
"refsource" : "CONFIRM", },
"url" : "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hostbillapp.com/changelog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://hostbillapp.com/changelog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "101030", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/101030" ]
}, },
{ "references": {
"name" : "56124", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56124" "name": "56124",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56124"
"name" : "hostbill-unspecified-xss(89750)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89750" "name": "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/",
} "refsource": "CONFIRM",
] "url": "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/"
} },
} {
"name": "101030",
"refsource": "OSVDB",
"url": "http://osvdb.org/101030"
},
{
"name": "hostbill-unspecified-xss(89750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89750"
},
{
"name": "http://hostbillapp.com/changelog",
"refsource": "CONFIRM",
"url": "http://hostbillapp.com/changelog"
},
{
"name": "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099",
"refsource": "MISC",
"url": "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099"
}
]
}
}

120
2013/7xxx/CVE-2013-7305.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7305", "ID": "CVE-2013-7305",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/p/e107/svn/13114", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/p/e107/svn/13114" "lang": "eng",
} "value": "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/e107/svn/13114",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/e107/svn/13114"
}
]
}
}

198
2017/10xxx/CVE-2017-10325.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10325", "ID": "CVE-2017-10325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Common Applications Calendar", "product_name": "Common Applications Calendar",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.6" "version_value": "12.2.6"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.7" "version_value": "12.2.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
{ }
"name" : "101311", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101311" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039592", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039592" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101311"
},
{
"name": "1039592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039592"
}
]
}
}

198
2017/10xxx/CVE-2017-10409.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10409", "ID": "CVE-2017-10409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "iStore", "product_name": "iStore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.6" "version_value": "12.2.6"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.7" "version_value": "12.2.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
{ }
"name" : "101332", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101332" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039592", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039592" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1039592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039592"
},
{
"name": "101332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101332"
}
]
}
}

34
2017/10xxx/CVE-2017-10494.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10494", "ID": "CVE-2017-10494",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/10xxx/CVE-2017-10874.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10874", "ID": "CVE-2017-10874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PWR-Q200", "product_name": "PWR-Q200",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "all firmware versions" "version_value": "all firmware versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Insufficiently Random Values"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://web116.jp/shop/hikari_p/q200/q200_00.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://web116.jp/shop/hikari_p/q200/q200_00.html" "lang": "eng",
}, "value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
{ }
"name" : "JVN#73141967", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN73141967/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web116.jp/shop/hikari_p/q200/q200_00.html",
"refsource": "CONFIRM",
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name": "JVN#73141967",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
]
}
}

148
2017/13xxx/CVE-2017-13184.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-13184", "ID": "CVE-2017-13184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-01-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-01-01" "lang": "eng",
}, "value": "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324."
{ }
"name" : "102414", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102414" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040106", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040106" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "102414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102414"
}
]
}
}

34
2017/13xxx/CVE-2017-13582.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13582", "ID": "CVE-2017-13582",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13909.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13909", "ID": "CVE-2017-13909",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/17xxx/CVE-2017-17107.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17107", "ID": "CVE-2017-17107",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20171212 Three exploits for Zivif Web Cameras (may impact others)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Dec/42" "lang": "eng",
}, "value": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session."
{ }
"name" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://twitter.com/silascutler/status/938052460328968192", "description": [
"refsource" : "MISC", {
"url" : "https://twitter.com/silascutler/status/938052460328968192" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/silascutler/status/938052460328968192",
"refsource": "MISC",
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
]
}
}

130
2017/17xxx/CVE-2017-17669.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17669", "ID": "CVE-2017-17669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Exiv2/exiv2/issues/187", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Exiv2/exiv2/issues/187" "lang": "eng",
}, "value": "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack."
{ }
"name" : "USN-3852-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3852-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/187",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/187"
},
{
"name": "USN-3852-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3852-1/"
}
]
}
}

210
2017/17xxx/CVE-2017-17712.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17712", "ID": "CVE-2017-17712",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483" "lang": "eng",
}, "value": "The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges."
{ }
"name" : "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4073", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2017/dsa-4073" ]
}, },
{ "references": {
"name" : "RHSA-2018:0502", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0502" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483"
"name" : "USN-3581-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3581-1/" "name": "USN-3582-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3582-1/"
"name" : "USN-3581-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3581-2/" "name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
}, "refsource": "CONFIRM",
{ "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
"name" : "USN-3581-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3581-3/" "name": "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483"
"name" : "USN-3582-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3582-1/" "name": "USN-3581-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3581-1/"
"name" : "USN-3582-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3582-2/" "name": "USN-3581-3",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3581-3/"
} },
} {
"name": "USN-3581-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"name": "DSA-4073",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4073"
},
{
"name": "RHSA-2018:0502",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0502"
},
{
"name": "USN-3582-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-2/"
}
]
}
}

130
2017/17xxx/CVE-2017-17910.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17910", "ID": "CVE-2017-17910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf" "lang": "eng",
}, "value": "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices."
{ }
"name" : "https://www.trustworks.at/publications", ]
"refsource" : "MISC", },
"url" : "https://www.trustworks.at/publications" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustworks.at/publications",
"refsource": "MISC",
"url": "https://www.trustworks.at/publications"
},
{
"name": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf",
"refsource": "MISC",
"url": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf"
}
]
}
}

120
2017/17xxx/CVE-2017-17939.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17939", "ID": "CVE-2017-17939",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md" "lang": "eng",
} "value": "PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md"
}
]
}
}

34
2017/9xxx/CVE-2017-9019.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9019", "ID": "CVE-2017-9019",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/9xxx/CVE-2017-9029.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9029", "ID": "CVE-2017-9029",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/9xxx/CVE-2017-9525.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9525", "ID": "CVE-2017-9525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/864466", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/864466" "lang": "eng",
}, "value": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."
{ }
"name" : "http://www.openwall.com/lists/oss-security/2017/06/08/3", ]
"refsource" : "MISC", },
"url" : "http://www.openwall.com/lists/oss-security/2017/06/08/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038651", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038651" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/864466",
"refsource": "MISC",
"url": "http://bugs.debian.org/864466"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/06/08/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/06/08/3"
},
{
"name": "1038651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038651"
}
]
}
}

160
2017/9xxx/CVE-2017-9835.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9835", "ID": "CVE-2017-9835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066" "lang": "eng",
}, "value": "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c."
{ }
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3986", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3986" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201811-12", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201811-12" ]
}, },
{ "references": {
"name" : "99991", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99991" "name": "GLSA-201811-12",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201811-12"
} },
} {
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697985",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697985"
},
{
"name": "DSA-3986",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3986"
},
{
"name": "99991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99991"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066"
}
]
}
}

130
2018/0xxx/CVE-2018-0564.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0564", "ID": "CVE-2018-0564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EC-CUBE", "product_name": "EC-CUBE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)" "version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "LOCKON CO.,LTD." "vendor_name": "LOCKON CO.,LTD."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Session fixation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ec-cube.net/info/weakness/20180416/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ec-cube.net/info/weakness/20180416/" "lang": "eng",
}, "value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
{ }
"name" : "JVN#52695336", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN52695336/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ec-cube.net/info/weakness/20180416/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/20180416/"
},
{
"name": "JVN#52695336",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52695336/index.html"
}
]
}
}

120
2018/0xxx/CVE-2018-0605.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0605", "ID": "CVE-2018-0605",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Pixelpost", "product_name": "Pixelpost",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v1.7.3 and earlier" "version_value": "v1.7.3 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Pixelpost.org" "vendor_name": "Pixelpost.org"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#27978559", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN27978559/index.html" "lang": "eng",
} "value": "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#27978559",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN27978559/index.html"
}
]
}
}

120
2018/0xxx/CVE-2018-0716.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@qnapsecurity.com.tw", "ASSIGNER": "security@qnap.com",
"ID" : "CVE-2018-0716", "ID": "CVE-2018-0716",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Qsync Central", "product_name": "Qsync Central",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "QTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions" "version_value": "QTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QNAP" "vendor_name": "QNAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29" "lang": "eng",
} "value": "Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29"
}
]
}
}

120
2018/18xxx/CVE-2018-18385.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18385", "ID": "CVE-2018-18385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/asciidoctor/asciidoctor/issues/2888", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/asciidoctor/asciidoctor/issues/2888" "lang": "eng",
} "value": "Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/asciidoctor/asciidoctor/issues/2888",
"refsource": "MISC",
"url": "https://github.com/asciidoctor/asciidoctor/issues/2888"
}
]
}
}

130
2018/19xxx/CVE-2018-19346.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19346", "ID": "CVE-2018-19346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html" "lang": "eng",
}, "value": "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea\" issue."
{ }
"name" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/", ]
"refsource" : "MISC", },
"url" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html",
"refsource": "MISC",
"url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html"
},
{
"name": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/",
"refsource": "MISC",
"url": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/"
}
]
}
}

34
2018/1xxx/CVE-2018-1208.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-1208", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-1208",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }
} }

148
2018/1xxx/CVE-2018-1322.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-03-21T00:00:00", "DATE_PUBLIC": "2018-03-21T00:00:00",
"ID" : "CVE-2018-1322", "ID": "CVE-2018-1322",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Syncope", "product_name": "Apache Syncope",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Releases prior to 1.2.11, Releases prior to 2.0.8" "version_value": "Releases prior to 1.2.11, Releases prior to 2.0.8"
}, },
{ {
"version_value" : "The unsupported Releases 1.0.x, 1.1.x may be also affected." "version_value": "The unsupported Releases 1.0.x, 1.1.x may be also affected."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45400", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45400/" "lang": "eng",
}, "value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."
{ }
"name" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting", ]
"refsource" : "MISC", },
"url" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103507", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103507" "lang": "eng",
} "value": "Information disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting",
"refsource": "MISC",
"url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"
},
{
"name": "103507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103507"
},
{
"name": "45400",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45400/"
}
]
}
}

226
2018/1xxx/CVE-2018-1607.json
View File

@ -1,115 +1,115 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-20T00:00:00", "DATE_PUBLIC": "2018-09-20T00:00:00",
"ID" : "CVE-2018-1607", "ID": "CVE-2018-1607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Engineering Lifecycle Manager", "product_name": "Rational Engineering Lifecycle Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
}, },
{ {
"version_value" : "6.0.6" "version_value": "6.0.6"
}, },
{ {
"version_value" : "5.01" "version_value": "5.01"
}, },
{ {
"version_value" : "5.02" "version_value": "5.02"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511" "lang": "eng",
}, "value": "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797."
{ }
"name" : "ibm-relm-cve20181607-xxe(143797)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797" "impact": {
} "cvssv3": {
] "BM": {
} "A": "L",
} "AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "7.100",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731511",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731511"
},
{
"name": "ibm-relm-cve20181607-xxe(143797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797"
}
]
}
}

226
2018/1xxx/CVE-2018-1610.json
View File

@ -1,115 +1,115 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-21T00:00:00", "DATE_PUBLIC": "2018-09-21T00:00:00",
"ID" : "CVE-2018-1610", "ID": "CVE-2018-1610",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational DOORS Next Generation", "product_name": "Rational DOORS Next Generation",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
}, },
{ {
"version_value" : "6.0.6" "version_value": "6.0.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10719841", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10719841" "lang": "eng",
}, "value": "IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931."
{ }
"name" : "ibm-dng-cve20181610-xss(143931)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143931" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-dng-cve20181610-xss(143931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143931"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719841",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719841"
}
]
}
}

34
2018/1xxx/CVE-2018-1633.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1633", "ID": "CVE-2018-1633",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/1xxx/CVE-2018-1680.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1680", "ID": "CVE-2018-1680",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

178
2018/1xxx/CVE-2018-1817.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00", "DATE_PUBLIC": "2018-12-11T00:00:00",
"ID" : "CVE-2018-1817", "ID": "CVE-2018-1817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Guardium", "product_name": "Security Guardium",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10" "version_value": "10"
}, },
{ {
"version_value" : "10.5" "version_value": "10.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069" "lang": "eng",
}, "value": "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
{ }
"name" : "ibm-guardium-cve20181817-xss(150021)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"SCORE": "6.100",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-guardium-cve20181817-xss(150021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
}
]
}
}