admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:34:26 +00:00
parent 8a44456dc4
commit a5acd57c0f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3575 additions and 3575 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
2008/0xxx/CVE-2008-0112.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0112",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0112",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka \"Excel File Import Vulnerability.\""
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka \"Excel File Import Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBST02320",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
"name": "1019583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019583"
},
{
"name" : "SSRT080028",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
"name": "TA08-071A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
},
{
"name" : "MS08-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
"name": "oval:org.mitre.oval:def:5284",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5284"
},
{
"name" : "TA08-071A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
"name": "MS08-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
},
{
"name" : "28095",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28095"
"name": "SSRT080028",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name" : "ADV-2008-0846",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0846/references"
"name": "HPSBST02320",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name" : "oval:org.mitre.oval:def:5284",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5284"
"name": "28095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28095"
},
{
"name" : "1019583",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019583"
"name": "ADV-2008-0846",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0846/references"
}
]
}

104
2008/0xxx/CVE-2008-0151.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0151",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0151",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options."
"lang": "eng",
"value": "Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080104 Some DoS in some telnet servers",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485812/100/0/threaded"
"name": "3525",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3525"
},
{
"name" : "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488366/100/200/threaded"
"name": "27142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27142"
},
{
"name" : "http://aluigi.altervista.org/adv/waccaz-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/waccaz-adv.txt"
"name": "wacserver-option-dos(39427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39427"
},
{
"name" : "http://aluigi.altervista.org/adv/wachof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/wachof-adv.txt"
"name": "http://aluigi.altervista.org/adv/waccaz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/waccaz-adv.txt"
},
{
"name" : "27142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27142"
"name": "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488366/100/200/threaded"
},
{
"name" : "28272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28272"
"name": "20080104 Some DoS in some telnet servers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485812/100/0/threaded"
},
{
"name" : "3525",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3525"
"name": "28272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28272"
},
{
"name" : "wacserver-option-dos(39427)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39427"
"name": "http://aluigi.altervista.org/adv/wachof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/wachof-adv.txt"
}
]
}

86
2008/0xxx/CVE-2008-0543.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0543",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0543",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080124 Pre Dynamic Institution bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487054/100/0/threaded"
"name": "predynamic-login-sql-injection(39942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39942"
},
{
"name" : "27451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27451"
"name": "28651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28651"
},
{
"name" : "28651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28651"
"name": "3603",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3603"
},
{
"name" : "3603",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3603"
"name": "20080124 Pre Dynamic Institution bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487054/100/0/threaded"
},
{
"name" : "predynamic-login-sql-injection(39942)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39942"
"name": "27451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27451"
}
]
}

92
2008/0xxx/CVE-2008-0661.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0661",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0661",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569."
"lang": "eng",
"value": "Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080205 dBpowerAMP Audio Player Release 2 Remote Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487605/100/0/threaded"
"name": "5067",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5067"
},
{
"name" : "5067",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5067"
"name": "5069",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5069"
},
{
"name" : "5069",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5069"
"name": "27639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27639"
},
{
"name" : "27635",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27635"
"name": "20080205 dBpowerAMP Audio Player Release 2 Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487605/100/0/threaded"
},
{
"name" : "27639",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27639"
"name": "3623",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3623"
},
{
"name" : "3623",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3623"
"name": "27635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27635"
}
]
}

98
2008/1xxx/CVE-2008-1092.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1092",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1092",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026."
"lang": "eng",
"value": "Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBST02336",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
"name": "1019686",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019686"
},
{
"name" : "SSRT080071",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
"name": "VU#936529",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936529"
},
{
"name" : "MS08-028",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
"name": "MS08-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-028"
},
{
"name" : "950627",
"refsource" : "MSKB",
"url" : "http://www.microsoft.com/technet/security/advisory/950627.mspx"
"name": "microsoft-jet-msjet40-bo(41380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41380"
},
{
"name" : "VU#936529",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/936529"
"name": "SSRT080071",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
},
{
"name" : "1019686",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019686"
"name": "HPSBST02336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121129490723574&w=2"
},
{
"name" : "microsoft-jet-msjet40-bo(41380)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41380"
"name": "950627",
"refsource": "MSKB",
"url": "http://www.microsoft.com/technet/security/advisory/950627.mspx"
}
]
}

74
2008/1xxx/CVE-2008-1119.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1119",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1119",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5204",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5204"
"name": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html",
"refsource": "CONFIRM",
"url": "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html"
},
{
"name" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html",
"refsource" : "CONFIRM",
"url" : "http://www.centreon.com/Product/Changelog-Centreon-1.4.x.html"
"name": "5204",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5204"
},
{
"name" : "28022",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28022"
"name": "28022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28022"
}
]
}

74
2008/1xxx/CVE-2008-1470.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1470",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1470",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118."
"lang": "eng",
"value": "Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080317 Security Advisory on RSA Web ID (XSS)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489691/100/0/threaded"
"name": "20080317 Security Advisory on RSA Web ID (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489691/100/0/threaded"
},
{
"name" : "28277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28277"
"name": "28277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28277"
},
{
"name" : "3768",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3768"
"name": "3768",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3768"
}
]
}

98
2008/1xxx/CVE-2008-1589.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1589",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1589",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
"lang": "eng",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "APPLE-SA-2008-07-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
"name": "ipod-iphone-certificate-info-disclosure(43734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
},
{
"name" : "JVN#88676089",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN88676089/index.html"
"name": "30186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name" : "JVNDB-2008-000039",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
"name": "JVN#88676089",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN88676089/index.html"
},
{
"name" : "30186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30186"
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name" : "ADV-2008-2094",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2094/references"
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name" : "31074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31074"
"name": "JVNDB-2008-000039",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"name" : "ipod-iphone-certificate-info-disclosure(43734)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}

80
2008/1xxx/CVE-2008-1757.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1757",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1757",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080404 KwsPHP Module ConcoursPhoto XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490470/100/0/threaded"
"name": "3809",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3809"
},
{
"name" : "28612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28612"
"name": "28612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28612"
},
{
"name" : "3809",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3809"
"name": "concoursphoto-index-xss(41814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41814"
},
{
"name" : "concoursphoto-index-xss(41814)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41814"
"name": "20080404 KwsPHP Module ConcoursPhoto XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490470/100/0/threaded"
}
]
}

80
2008/4xxx/CVE-2008-4045.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4045",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4045",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt"
"name": "atmail-parse-showmail-abook-xss(44860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44860"
},
{
"name" : "31720",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31720"
"name": "31720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31720"
},
{
"name" : "31727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31727"
"name": "31727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31727"
},
{
"name" : "atmail-parse-showmail-abook-xss(44860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44860"
"name": "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/atmail542-xss.txt"
}
]
}

86
2008/4xxx/CVE-2008-4461.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4461",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4461",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter."
"lang": "eng",
"value": "SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6388",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6388"
"name": "31043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31043"
},
{
"name" : "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html",
"refsource" : "MISC",
"url" : "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html"
"name": "datingzone-advancedsearch-sql-injection(44946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44946"
},
{
"name" : "31043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31043"
"name": "6388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6388"
},
{
"name" : "31747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31747"
"name": "31747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31747"
},
{
"name" : "datingzone-advancedsearch-sql-injection(44946)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44946"
"name": "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html",
"refsource": "MISC",
"url": "http://z0rlu.blogspot.com/2008/09/vastal-i-tech-dating-zone-fage-sql.html"
}
]
}

92
2008/4xxx/CVE-2008-4641.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4641",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4641",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
"lang": "eng",
"value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20081015 CVE request: jhead",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/15/5"
"name": "31921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31921"
},
{
"name" : "[oss-security] 20081015 Re: CVE request: jhead",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/15/6"
"name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
},
{
"name" : "[oss-security] 20081016 Re: CVE request: jhead",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/16/3"
"name": "[oss-security] 20081015 CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
},
{
"name" : "[oss-security] 20081127 Re: CVE request: jhead",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/11/26/4"
"name": "[oss-security] 20081127 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
"name": "[oss-security] 20081016 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
},
{
"name" : "31921",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31921"
"name": "[oss-security] 20081015 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
}
]
}

86
2008/5xxx/CVE-2008-5424.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5424",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5424",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
"lang": "eng",
"value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
"name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
"refsource": "MISC",
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name" : "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
"name": "4721",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4721"
},
{
"name" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
"refsource" : "MISC",
"url" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
"name": "32702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name" : "32702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32702"
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name" : "4721",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4721"
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
]
}

22
2013/2xxx/CVE-2013-2060.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2060",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2060",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2013/3xxx/CVE-2013-3194.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3194",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3194",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS13-059",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
"name": "MS13-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name" : "TA13-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A"
"name": "oval:org.mitre.oval:def:18267",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18267"
},
{
"name" : "oval:org.mitre.oval:def:18267",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18267"
"name": "TA13-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
}
]
}

98
2013/3xxx/CVE-2013-3369.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3369",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3369",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors."
"lang": "eng",
"value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[rt-announce] 20130522 RT 3.8.17 released",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html"
"name": "[rt-announce] 20130522 RT 3.8.17 released",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html"
},
{
"name" : "[rt-announce] 20130522 RT 4.0.13 released",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
"name": "93610",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/93610"
},
{
"name" : "[rt-announce] 20130522 Security vulnerabilities in RT",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
"name": "[rt-announce] 20130522 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
},
{
"name" : "DSA-2670",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2670"
"name": "[rt-announce] 20130522 RT 4.0.13 released",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
},
{
"name" : "93610",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/93610"
"name": "53505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53505"
},
{
"name" : "53505",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53505"
"name": "DSA-2670",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2670"
},
{
"name" : "53522",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53522"
"name": "53522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53522"
}
]
}

22
2013/3xxx/CVE-2013-3516.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3516",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3516",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2013/3xxx/CVE-2013-3533.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3533",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3533",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130402 NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0011.html"
"name": "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf",
"refsource": "MISC",
"url": "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf"
},
{
"name" : "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html"
"name": "20130402 NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0011.html"
},
{
"name" : "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf",
"refsource" : "MISC",
"url" : "http://www.nccgroup.com/media/244196/patch_notificatio_virtual_access_monitor_multiple_sql_injection_vulnerabilities.pdf"
"name": "58816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58816"
},
{
"name" : "58816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58816"
"name": "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121051/Virtual-Access-Monitor-SQL-Injection.html"
},
{
"name" : "91887",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/91887"
"name": "91887",
"refsource": "OSVDB",
"url": "http://osvdb.org/91887"
},
{
"name" : "52801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52801"
"name": "virtualaccess-unspecified-sql-injection(83179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83179"
},
{
"name" : "virtualaccess-unspecified-sql-injection(83179)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83179"
"name": "52801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52801"
}
]
}

110
2013/4xxx/CVE-2013-4344.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4344",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4344",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command."
"lang": "eng",
"value": "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/02/2"
"name": "openSUSE-SU-2014:1281",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name" : "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
"name": "62773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62773"
},
{
"name" : "RHSA-2013:1553",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
"name": "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
},
{
"name" : "RHSA-2013:1754",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
"name": "openSUSE-SU-2014:1279",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:1279",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
"name": "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
},
{
"name" : "openSUSE-SU-2014:1281",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
"name": "98028",
"refsource": "OSVDB",
"url": "http://osvdb.org/98028"
},
{
"name" : "USN-2092-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2092-1"
"name": "RHSA-2013:1754",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
},
{
"name" : "62773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62773"
"name": "RHSA-2013:1553",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
},
{
"name" : "98028",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98028"
"name": "USN-2092-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2092-1"
}
]
}

116
2013/4xxx/CVE-2013-4421.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4421",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4421",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed."
"lang": "eng",
"value": "The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/11/4"
"name": "55173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55173"
},
{
"name" : "https://matt.ucc.asn.au/dropbear/CHANGES",
"refsource" : "CONFIRM",
"url" : "https://matt.ucc.asn.au/dropbear/CHANGES"
"name": "https://matt.ucc.asn.au/dropbear/CHANGES",
"refsource": "CONFIRM",
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"name" : "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f",
"refsource" : "CONFIRM",
"url" : "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f"
"name": "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f",
"refsource": "CONFIRM",
"url": "https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
"name": "FEDORA-2013-18593",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html"
},
{
"name" : "FEDORA-2013-18593",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html"
"name": "openSUSE-SU-2013:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"
},
{
"name" : "FEDORA-2013-18606",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html"
"name": "62958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62958"
},
{
"name" : "openSUSE-SU-2013:1616",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name" : "openSUSE-SU-2013:1696",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"
"name": "FEDORA-2013-18606",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html"
},
{
"name" : "62958",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62958"
"name": "openSUSE-SU-2013:1616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"
},
{
"name" : "55173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55173"
"name": "[oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/11/4"
}
]
}

62
2013/4xxx/CVE-2013-4754.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4754",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4754",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.xchg.info/?p=400",
"refsource" : "MISC",
"url" : "http://www.xchg.info/?p=400"
"name": "http://www.xchg.info/?p=400",
"refsource": "MISC",
"url": "http://www.xchg.info/?p=400"
}
]
}

98
2013/6xxx/CVE-2013-6395.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6395",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6395",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q4/346"
"name": "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/346"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507"
"name": "https://github.com/ganglia/ganglia-web/issues/218",
"refsource": "MISC",
"url": "https://github.com/ganglia/ganglia-web/issues/218"
},
{
"name" : "http://www.rusty-ice.de/advisory/advisory_2013002.txt",
"refsource" : "MISC",
"url" : "http://www.rusty-ice.de/advisory/advisory_2013002.txt"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507"
},
{
"name" : "https://github.com/ganglia/ganglia-web/issues/218",
"refsource" : "MISC",
"url" : "https://github.com/ganglia/ganglia-web/issues/218"
"name": "gangliaweb-cve20136395-xss(89272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272"
},
{
"name" : "100380",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100380"
"name": "55854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55854"
},
{
"name" : "55854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55854"
"name": "http://www.rusty-ice.de/advisory/advisory_2013002.txt",
"refsource": "MISC",
"url": "http://www.rusty-ice.de/advisory/advisory_2013002.txt"
},
{
"name" : "gangliaweb-cve20136395-xss(89272)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272"
"name": "100380",
"refsource": "OSVDB",
"url": "http://osvdb.org/100380"
}
]
}

22
2013/6xxx/CVE-2013-6533.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6533",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6533",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6586.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6586",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6586",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

92
2013/7xxx/CVE-2013-7188.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7188",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7188",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099",
"refsource" : "MISC",
"url" : "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099"
"name": "56124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56124"
},
{
"name" : "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/",
"refsource" : "CONFIRM",
"url" : "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/"
"name": "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/",
"refsource": "CONFIRM",
"url": "http://extras.hostbillapp.com/security-advisory-hostbill-version-2013-12-14/"
},
{
"name" : "http://hostbillapp.com/changelog",
"refsource" : "CONFIRM",
"url" : "http://hostbillapp.com/changelog"
"name": "101030",
"refsource": "OSVDB",
"url": "http://osvdb.org/101030"
},
{
"name" : "101030",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101030"
"name": "hostbill-unspecified-xss(89750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89750"
},
{
"name" : "56124",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56124"
"name": "http://hostbillapp.com/changelog",
"refsource": "CONFIRM",
"url": "http://hostbillapp.com/changelog"
},
{
"name" : "hostbill-unspecified-xss(89750)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89750"
"name": "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099",
"refsource": "MISC",
"url": "https://blog.rack911.com/security-advisories/hostbill-xss-admin-hijack-security-vulnerability-r911-0099"
}
]
}

62
2013/7xxx/CVE-2013-7305.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7305",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7305",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user."
"lang": "eng",
"value": "fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/p/e107/svn/13114",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/e107/svn/13114"
"name": "http://sourceforge.net/p/e107/svn/13114",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/e107/svn/13114"
}
]
}

104
2017/10xxx/CVE-2017-10325.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10325",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10325",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Common Applications Calendar",
"version" : {
"version_data" : [
"product_name": "Common Applications Calendar",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.1"
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications Calendar accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "101311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101311"
"name": "101311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101311"
},
{
"name" : "1039592",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039592"
"name": "1039592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039592"
}
]
}

104
2017/10xxx/CVE-2017-10409.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10409",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10409",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "iStore",
"version" : {
"version_data" : [
"product_name": "iStore",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.1"
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "101332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101332"
"name": "1039592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039592"
},
{
"name" : "1039592",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039592"
"name": "101332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101332"
}
]
}

22
2017/10xxx/CVE-2017-10494.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10494",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10494",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/10xxx/CVE-2017-10874.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10874",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10874",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "PWR-Q200",
"version" : {
"version_data" : [
"product_name": "PWR-Q200",
"version": {
"version_data": [
{
"version_value" : "all firmware versions"
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
"lang": "eng",
"value": "PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use of Insufficiently Random Values"
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://web116.jp/shop/hikari_p/q200/q200_00.html",
"refsource" : "CONFIRM",
"url" : "http://web116.jp/shop/hikari_p/q200/q200_00.html"
"name": "http://web116.jp/shop/hikari_p/q200/q200_00.html",
"refsource": "CONFIRM",
"url": "http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"name" : "JVN#73141967",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN73141967/index.html"
"name": "JVN#73141967",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN73141967/index.html"
}
]
}

78
2017/13xxx/CVE-2017-13184.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-13184",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13184",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "8.0"
"version_value": "8.0"
},
{
"version_value" : "8.1"
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324."
"lang": "eng",
"value": "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-01-01"
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name" : "102414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102414"
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name" : "1040106",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040106"
"name": "102414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102414"
}
]
}

22
2017/13xxx/CVE-2017-13582.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13582",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13582",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/13xxx/CVE-2017-13909.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13909",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13909",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2017/17xxx/CVE-2017-17107.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17107",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17107",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session."
"lang": "eng",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Dec/42"
"name": "https://twitter.com/silascutler/status/938052460328968192",
"refsource": "MISC",
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"name" : "https://twitter.com/silascutler/status/938052460328968192",
"refsource" : "MISC",
"url" : "https://twitter.com/silascutler/status/938052460328968192"
"name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
]
}

68
2017/17xxx/CVE-2017-17669.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17669",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17669",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack."
"lang": "eng",
"value": "There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/Exiv2/exiv2/issues/187",
"refsource" : "MISC",
"url" : "https://github.com/Exiv2/exiv2/issues/187"
"name": "https://github.com/Exiv2/exiv2/issues/187",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/187"
},
{
"name" : "USN-3852-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3852-1/"
"name": "USN-3852-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3852-1/"
}
]
}

116
2017/17xxx/CVE-2017-17712.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17712",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17712",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges."
"lang": "eng",
"value": "The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f659a03a0ba9289b9aeb9b4470e6fb263d6f483"
},
{
"name" : "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483"
"name": "USN-3582-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01"
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
},
{
"name" : "DSA-4073",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4073"
"name": "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483"
},
{
"name" : "RHSA-2018:0502",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0502"
"name": "USN-3581-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"name" : "USN-3581-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3581-1/"
"name": "USN-3581-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-3/"
},
{
"name" : "USN-3581-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3581-2/"
"name": "USN-3581-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"name" : "USN-3581-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3581-3/"
"name": "DSA-4073",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4073"
},
{
"name" : "USN-3582-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3582-1/"
"name": "RHSA-2018:0502",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0502"
},
{
"name" : "USN-3582-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3582-2/"
"name": "USN-3582-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3582-2/"
}
]
}

68
2017/17xxx/CVE-2017-17910.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17910",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17910",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices."
"lang": "eng",
"value": "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf",
"refsource" : "MISC",
"url" : "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf"
"name": "https://www.trustworks.at/publications",
"refsource": "MISC",
"url": "https://www.trustworks.at/publications"
},
{
"name" : "https://www.trustworks.at/publications",
"refsource" : "MISC",
"url" : "https://www.trustworks.at/publications"
"name": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf",
"refsource": "MISC",
"url": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf"
}
]
}

62
2017/17xxx/CVE-2017-17939.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17939",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17939",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php."
"lang": "eng",
"value": "PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md"
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md"
}
]
}

22
2017/9xxx/CVE-2017-9019.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9019",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9019",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/9xxx/CVE-2017-9029.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9029",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9029",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2017/9xxx/CVE-2017-9525.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9525",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9525",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."
"lang": "eng",
"value": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.debian.org/864466",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/864466"
"name": "http://bugs.debian.org/864466",
"refsource": "MISC",
"url": "http://bugs.debian.org/864466"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/06/08/3",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/06/08/3"
"name": "http://www.openwall.com/lists/oss-security/2017/06/08/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/06/08/3"
},
{
"name" : "1038651",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038651"
"name": "1038651",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038651"
}
]
}

86
2017/9xxx/CVE-2017-9835.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9835",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9835",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c."
"lang": "eng",
"value": "The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066"
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697985"
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697985",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697985"
},
{
"name" : "DSA-3986",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3986"
"name": "DSA-3986",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3986"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
"name": "99991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99991"
},
{
"name" : "99991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99991"
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066"
}
]
}

68
2018/0xxx/CVE-2018-0564.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0564",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0564",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "EC-CUBE",
"version" : {
"version_data" : [
"product_name": "EC-CUBE",
"version": {
"version_data": [
{
"version_value" : "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
"version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
}
]
}
}
]
},
"vendor_name" : "LOCKON CO.,LTD."
"vendor_name": "LOCKON CO.,LTD."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
"lang": "eng",
"value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Session fixation"
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ec-cube.net/info/weakness/20180416/",
"refsource" : "CONFIRM",
"url" : "https://www.ec-cube.net/info/weakness/20180416/"
"name": "https://www.ec-cube.net/info/weakness/20180416/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/20180416/"
},
{
"name" : "JVN#52695336",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52695336/index.html"
"name": "JVN#52695336",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52695336/index.html"
}
]
}

62
2018/0xxx/CVE-2018-0605.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0605",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0605",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Pixelpost",
"version" : {
"version_data" : [
"product_name": "Pixelpost",
"version": {
"version_data": [
{
"version_value" : "v1.7.3 and earlier"
"version_value": "v1.7.3 and earlier"
}
]
}
}
]
},
"vendor_name" : "Pixelpost.org"
"vendor_name": "Pixelpost.org"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting"
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#27978559",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27978559/index.html"
"name": "JVN#27978559",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN27978559/index.html"
}
]
}

62
2018/0xxx/CVE-2018-0716.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@qnapsecurity.com.tw",
"ID" : "CVE-2018-0716",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"ID": "CVE-2018-0716",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Qsync Central",
"version" : {
"version_data" : [
"product_name": "Qsync Central",
"version": {
"version_data": [
{
"version_value" : "QTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions"
"version_value": "QTS 4.2.6 build 20180711, QTS 4.3.3 Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5 Qsync Central 3.0.4 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "QNAP"
"vendor_name": "QNAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application."
"lang": "eng",
"value": "Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting"
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29"
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-29"
}
]
}

62
2018/18xxx/CVE-2018-18385.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18385",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18385",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop."
"lang": "eng",
"value": "Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/asciidoctor/asciidoctor/issues/2888",
"refsource" : "MISC",
"url" : "https://github.com/asciidoctor/asciidoctor/issues/2888"
"name": "https://github.com/asciidoctor/asciidoctor/issues/2888",
"refsource": "MISC",
"url": "https://github.com/asciidoctor/asciidoctor/issues/2888"
}
]
}

68
2018/19xxx/CVE-2018-19346.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19346",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19346",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea\" issue."
"lang": "eng",
"value": "The u3d plugin 9.3.0.10809 (aka plugins\\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a \"Data from Faulting Address controls Branch Selection starting at U3DBrowser!PlugInMain+0x00000000000d11ea\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html",
"refsource" : "MISC",
"url" : "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html"
"name": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html",
"refsource": "MISC",
"url": "https://github.com/Yan-1-20/Yan-1-20.github.io/blob/master/2018/11/10/2018/11/2018-11-10/index.html"
},
{
"name" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/",
"refsource" : "MISC",
"url" : "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/"
"name": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/",
"refsource": "MISC",
"url": "https://yan-1-20.github.io/2018/11/10/2018/11/2018-11-10/"
}
]
}

22
2018/1xxx/CVE-2018-1208.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1208",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1208",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

78
2018/1xxx/CVE-2018-1322.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-03-21T00:00:00",
"ID" : "CVE-2018-1322",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2018-1322",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache Syncope",
"version" : {
"version_data" : [
"product_name": "Apache Syncope",
"version": {
"version_data": [
{
"version_value" : "Releases prior to 1.2.11, Releases prior to 2.0.8"
"version_value": "Releases prior to 1.2.11, Releases prior to 2.0.8"
},
{
"version_value" : "The unsupported Releases 1.0.x, 1.1.x may be also affected."
"version_value": "The unsupported Releases 1.0.x, 1.1.x may be also affected."
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."
"lang": "eng",
"value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information disclosure"
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "45400",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45400/"
"name": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting",
"refsource": "MISC",
"url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"
},
{
"name" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting",
"refsource" : "MISC",
"url" : "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"
"name": "103507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103507"
},
{
"name" : "103507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103507"
"name": "45400",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45400/"
}
]
}

120
2018/1xxx/CVE-2018-1607.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-20T00:00:00",
"ID" : "CVE-2018-1607",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-1607",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value" : "5.0"
"version_value": "5.0"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "6.0.6"
"version_value": "6.0.6"
},
{
"version_value" : "5.01"
"version_value": "5.01"
},
{
"version_value" : "5.02"
"version_value": "5.02"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797."
"lang": "eng",
"value": "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "7.100",
"UI": "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511"
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731511",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731511"
},
{
"name" : "ibm-relm-cve20181607-xxe(143797)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797"
"name": "ibm-relm-cve20181607-xxe(143797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143797"
}
]
}

120
2018/1xxx/CVE-2018-1610.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-21T00:00:00",
"ID" : "CVE-2018-1610",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-21T00:00:00",
"ID": "CVE-2018-1610",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rational DOORS Next Generation",
"version" : {
"version_data" : [
"product_name": "Rational DOORS Next Generation",
"version": {
"version_data": [
{
"version_value" : "5.0.2"
"version_value": "5.0.2"
},
{
"version_value" : "5.0"
"version_value": "5.0"
},
{
"version_value" : "5.0.1"
"version_value": "5.0.1"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "6.0.6"
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931."
"lang": "eng",
"value": "IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143931."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10719841",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10719841"
"name": "ibm-dng-cve20181610-xss(143931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143931"
},
{
"name" : "ibm-dng-cve20181610-xss(143931)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/143931"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719841",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719841"
}
]
}

22
2018/1xxx/CVE-2018-1633.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1633",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1633",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/1xxx/CVE-2018-1680.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1680",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1680",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

104
2018/1xxx/CVE-2018-1817.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-11T00:00:00",
"ID" : "CVE-2018-1817",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-11T00:00:00",
"ID": "CVE-2018-1817",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value" : "10"
"version_value": "10"
},
{
"version_value" : "10.5"
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
"lang": "eng",
"value": "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150021."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"SCORE": "6.100",
"UI": "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
"name": "ibm-guardium-cve20181817-xss(150021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021"
},
{
"name" : "ibm-guardium-cve20181817-xss(150021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150021"
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10737069",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10737069"
}
]
}