admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:20:42 +00:00
parent 46812b4ddd
commit a8b9927743
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4050 additions and 4050 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2008/0xxx/CVE-2008-0056.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0056", "ID": "CVE-2008-0056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a \"long pathname with an unexpected structure\" that triggers the overflow in NSFileManager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=307562", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=307562" "lang": "eng",
}, "value": "Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a \"long pathname with an unexpected structure\" that triggers the overflow in NSFileManager."
{ }
"name" : "APPLE-SA-2008-03-18", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA08-079A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28304", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28304" ]
}, },
{ "references": {
"name" : "28357", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28357" "name": "28357",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28357"
"name" : "ADV-2008-0924", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0924/references" "name": "macos-foundation-nsfilemanager-bo(41309)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41309"
"name" : "1019649", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019649" "name": "28304",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28304"
"name" : "29420", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29420" "name": "TA08-079A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
"name" : "macos-foundation-nsfilemanager-bo(41309)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41309" "name": "ADV-2008-0924",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/0924/references"
} },
} {
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "1019649",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019649"
}
]
}
}

130
2008/0xxx/CVE-2008-0548.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0548", "ID": "CVE-2008-0548",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/steamcazz-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/steamcazz-adv.txt" "lang": "eng",
}, "value": "Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails."
{ }
"name" : "steamcast-contentlength-dos(39927)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39927" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/steamcazz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/steamcazz-adv.txt"
},
{
"name": "steamcast-contentlength-dos(39927)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39927"
}
]
}
}

130
2008/0xxx/CVE-2008-0690.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0690", "ID": "CVE-2008-0690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5047", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5047" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action."
{ }
"name" : "27585", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27585" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5047",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5047"
},
{
"name": "27585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27585"
}
]
}
}

210
2008/1xxx/CVE-2008-1136.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1136", "ID": "CVE-2008-1136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080107 CORE-2007-1106: SynCE Remote Command Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485884/100/0/threaded" "lang": "eng",
}, "value": "The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679."
{ }
"name" : "http://www.coresecurity.com/?action=item&id=2070", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/?action=item&id=2070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/forum/forum.php?forum_id=766440", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/forum/forum.php?forum_id=766440" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-0680", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html" ]
}, },
{ "references": {
"name" : "27178", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27178" "name": "synce-vdccm-command-execution(39506)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39506"
"name" : "28141", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28141" "name": "20080107 CORE-2007-1106: SynCE Remote Command Injection",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/485884/100/0/threaded"
"name" : "29228", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29228" "name": "http://www.coresecurity.com/?action=item&id=2070",
}, "refsource": "MISC",
{ "url": "http://www.coresecurity.com/?action=item&id=2070"
"name" : "29285", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29285" "name": "27178",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27178"
"name" : "3710", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3710" "name": "3710",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3710"
"name" : "synce-vdccm-command-execution(39506)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39506" "name": "29228",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29228"
} },
} {
"name": "28141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28141"
},
{
"name": "FEDORA-2008-0680",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00131.html"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=766440",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=766440"
},
{
"name": "29285",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29285"
}
]
}
}

560
2008/1xxx/CVE-2008-1375.json
View File

@ -1,282 +1,282 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-1375", "ID": "CVE-2008-1375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080502 rPSA-2008-0157-1 kernel", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491566/100/0/threaded" "lang": "eng",
}, "value": "Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors."
{ }
"name" : "20080507 rPSA-2008-0157-1 kernel", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/491732/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[linux-kernel] 20080501 Linux 2.6.24.6", "description": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=linux-kernel&m=120967963803205&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[linux-kernel] 20080501 Linux 2.6.25.1", ]
"refsource" : "MLIST", }
"url" : "http://marc.info/?l=linux-kernel&m=120967964303224&w=2" ]
}, },
{ "references": {
"name" : "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://lists.vmware.com/pipermail/security-announce/2008/000023.html" "name": "[linux-kernel] 20080501 Linux 2.6.24.6",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=linux-kernel&m=120967963803205&w=2"
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0157", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0157" "name": "30962",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30962"
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157" "name": "ADV-2008-1406",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1406/references"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1" "name": "29003",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29003"
"name" : "https://issues.rpath.com/browse/RPL-2501", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2501" "name": "linux-kernel-dnotify-privilege-escalation(42131)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42131"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4" "name": "RHSA-2008:0237",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0237.html"
"name" : "DSA-1565", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1565" "name": "1019959",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019959"
"name" : "FEDORA-2008-3873", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html" "name": "ADV-2008-1452",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1452/references"
"name" : "MDVSA-2008:105", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105" "name": "MDVSA-2008:167",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167"
"name" : "MDVSA-2008:167", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" "name": "USN-618-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-618-1"
"name" : "MDVSA-2008:104", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:104" "name": "DSA-1565",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1565"
"name" : "RHSA-2008:0211", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0211.html" "name": "30116",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30116"
"name" : "RHSA-2008:0233", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0233.html" "name": "RHSA-2008:0233",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0233.html"
"name" : "RHSA-2008:0237", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0237.html" "name": "30110",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30110"
"name" : "SUSE-SA:2008:030", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" "name": "SUSE-SA:2008:031",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html"
"name" : "SUSE-SA:2008:031", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html" "name": "FEDORA-2008-3873",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html"
"name" : "SUSE-SA:2008:032", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" "name": "ADV-2008-2222",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2222/references"
"name" : "USN-614-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/614-1/" "name": "20080507 rPSA-2008-0157-1 kernel",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/491732/100/0/threaded"
"name" : "USN-618-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-618-1" "name": "[linux-kernel] 20080501 Linux 2.6.25.1",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=linux-kernel&m=120967964303224&w=2"
"name" : "29003", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29003" "name": "oval:org.mitre.oval:def:11843",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843"
"name" : "oval:org.mitre.oval:def:11843", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843" "name": "30515",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30515"
"name" : "ADV-2008-1406", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1406/references" "name": "20080502 rPSA-2008-0157-1 kernel",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/491566/100/0/threaded"
"name" : "ADV-2008-1452", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1452/references" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6"
"name" : "ADV-2008-2222", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2222/references" "name": "USN-614-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/614-1/"
"name" : "1019959", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019959" "name": "MDVSA-2008:105",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
"name" : "30017", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30017" "name": "30108",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30108"
"name" : "30044", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30044" "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4"
"name" : "30108", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30108" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1"
"name" : "30260", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30260" "name": "30044",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30044"
"name" : "30515", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30515" "name": "RHSA-2008:0211",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0211.html"
"name" : "30769", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30769" "name": "30017",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30017"
"name" : "30818", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30818" "name": "30890",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30890"
"name" : "30890", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30890" "name": "https://issues.rpath.com/browse/RPL-2501",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2501"
"name" : "30962", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30962" "name": "30769",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30769"
"name" : "31246", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31246" "name": "[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix",
}, "refsource": "MLIST",
{ "url": "http://lists.vmware.com/pipermail/security-announce/2008/000023.html"
"name" : "30018", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30018" "name": "30018",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30018"
"name" : "30110", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30110" "name": "MDVSA-2008:104",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:104"
"name" : "30112", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30112" "name": "30260",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30260"
"name" : "30116", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30116" "name": "SUSE-SA:2008:030",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html"
"name" : "linux-kernel-dnotify-privilege-escalation(42131)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42131" "name": "31246",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31246"
} },
} {
"name": "30818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30818"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0157",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0157"
},
{
"name": "30112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30112"
},
{
"name": "SUSE-SA:2008:032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html"
}
]
}
}

380
2008/1xxx/CVE-2008-1887.json
View File

@ -1,192 +1,192 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1887", "ID": "CVE-2008-1887",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490776" "lang": "eng",
}, "value": "Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow."
{ }
"name" : "20090824 rPSA-2009-0122-1 idle python", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/506056/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.python.org/issue2587", ]
"refsource" : "CONFIRM", }
"url" : "http://bugs.python.org/issue2587" ]
}, },
{ "references": {
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" "name": "SUSE-SR:2008:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name" : "http://support.apple.com/kb/HT3438", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3438" "name": "http://bugs.python.org/issue2587",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.python.org/issue2587"
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122" "name": "GLSA-200807-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200807-01.xml"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "name": "30872",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30872"
"name" : "APPLE-SA-2009-02-12", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" "name": "20090824 rPSA-2009-0122-1 idle python",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/506056/100/0/threaded"
"name" : "DSA-1551", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1551" "name": "33937",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33937"
"name" : "DSA-1620", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1620" "name": "oval:org.mitre.oval:def:8624",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624"
"name" : "GLSA-200807-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200807-01.xml" "name": "37471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37471"
"name" : "SUSE-SR:2008:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" "name": "python-pystringfromstringandsize-bo(41944)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944"
"name" : "USN-632-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-632-1" "name": "31687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31687"
"name" : "28749", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28749" "name": "oval:org.mitre.oval:def:10407",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407"
"name" : "oval:org.mitre.oval:def:10407", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407" "name": "20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/490776"
"name" : "oval:org.mitre.oval:def:8624", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624" "name": "DSA-1551",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1551"
"name" : "29889", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29889" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"name" : "30872", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30872" "name": "http://support.apple.com/kb/HT3438",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3438"
"name" : "31255", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31255" "name": "APPLE-SA-2009-02-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
"name" : "31365", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31365" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122"
"name" : "31518", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31518" "name": "28749",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28749"
"name" : "31687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31687" "name": "USN-632-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-632-1"
"name" : "33937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33937" "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"name" : "37471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37471" "name": "31518",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31518"
"name" : "ADV-2009-3316", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3316" "name": "31365",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31365"
"name" : "python-pystringfromstringandsize-bo(41944)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41944" "name": "31255",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31255"
} },
} {
"name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900"
},
{
"name": "DSA-1620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1620"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "29889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29889"
}
]
}
}

150
2008/1xxx/CVE-2008-1923.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1923", "ID": "CVE-2008-1923",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.altsci.com/concepts/page.php?s=asteri&p=1", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.altsci.com/concepts/page.php?s=asteri&p=1" "lang": "eng",
}, "value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
{ }
"name" : "http://bugs.digium.com/view.php?id=10078", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.digium.com/view.php?id=10078" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://downloads.digium.com/pub/security/AST-2008-006.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.digium.com/pub/security/AST-2008-006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "asterisk-new-dos(42049)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049" ]
} },
] "references": {
} "reference_data": [
} {
"name": "asterisk-new-dos(42049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"name": "http://bugs.digium.com/view.php?id=10078",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "http://www.altsci.com/concepts/page.php?s=asteri&p=1",
"refsource": "MISC",
"url": "http://www.altsci.com/concepts/page.php?s=asteri&p=1"
}
]
}
}

180
2008/1xxx/CVE-2008-1991.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1991", "ID": "CVE-2008-1991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080420 Acidcat CMS Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491129/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter."
{ }
"name" : "5478", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5478" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugreport.ir/index.php?/36", "description": [
"refsource" : "MISC", {
"url" : "http://bugreport.ir/index.php?/36" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28868", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28868" ]
}, },
{ "references": {
"name" : "29916", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29916" "name": "http://bugreport.ir/index.php?/36",
}, "refsource": "MISC",
{ "url": "http://bugreport.ir/index.php?/36"
"name" : "3842", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3842" "name": "3842",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3842"
"name" : "acidcat-admincolorsswatch-xss(41919)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41919" "name": "29916",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29916"
} },
} {
"name": "20080420 Acidcat CMS Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491129/100/0/threaded"
},
{
"name": "28868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28868"
},
{
"name": "acidcat-admincolorsswatch-xss(41919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41919"
},
{
"name": "5478",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5478"
}
]
}
}

140
2008/4xxx/CVE-2008-4187.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4187", "ID": "CVE-2008-4187",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6489", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6489" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter."
{ }
"name" : "4315", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4315" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "proactivecms-index-file-include(45235)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45235" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "proactivecms-index-file-include(45235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45235"
},
{
"name": "6489",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6489"
},
{
"name": "4315",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4315"
}
]
}
}

160
2008/5xxx/CVE-2008-5218.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5218", "ID": "CVE-2008-5218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7140", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7140" "lang": "eng",
}, "value": "ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords."
{ }
"name" : "32325", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32325" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49883", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/49883" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32744", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32744" ]
}, },
{ "references": {
"name" : "4633", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4633" "name": "4633",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4633"
} },
} {
"name": "32325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32325"
},
{
"name": "7140",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7140"
},
{
"name": "49883",
"refsource": "OSVDB",
"url": "http://osvdb.org/49883"
},
{
"name": "32744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32744"
}
]
}
}

210
2008/5xxx/CVE-2008-5355.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5355", "ID": "CVE-2008-5355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Java Update\" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" "lang": "eng",
}, "value": "The \"Java Update\" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks."
{ }
"name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200911-02", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "244989", ]
"refsource" : "SUNALERT", }
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1" ]
}, },
{ "references": {
"name" : "TA08-340A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" "name": "1021315",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021315"
"name" : "50498", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50498" "name": "oval:org.mitre.oval:def:5664",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664"
"name" : "oval:org.mitre.oval:def:5664", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664" "name": "GLSA-200911-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name" : "1021315", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021315" "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
"name" : "37386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37386" "name": "244989",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1"
"name" : "ADV-2008-3339", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3339" "name": "ADV-2008-3339",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/3339"
} },
} {
"name": "50498",
"refsource": "OSVDB",
"url": "http://osvdb.org/50498"
},
{
"name": "TA08-340A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid="
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
}
]
}
}

170
2008/5xxx/CVE-2008-5732.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5732", "ID": "CVE-2008-5732",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7537", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7537" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file."
{ }
"name" : "32953", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32953" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50876", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50876" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33223", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33223" ]
}, },
{ "references": {
"name" : "4812", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4812" "name": "33223",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33223"
"name" : "kafooeyblog-imageupload-file-upload(47535)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47535" "name": "50876",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/50876"
} },
} {
"name": "7537",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7537"
},
{
"name": "kafooeyblog-imageupload-file-upload(47535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47535"
},
{
"name": "4812",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4812"
},
{
"name": "32953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32953"
}
]
}
}

390
2013/0xxx/CVE-2013-0435.json
View File

@ -1,197 +1,197 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0435", "ID": "CVE-2013-0435",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\""
{ }
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "description": [
"refsource" : "CONFIRM", {
"url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291", ]
"refsource" : "CONFIRM", }
"url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "MDVSA-2013:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
"name" : "HPSBUX02864", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "SSRT101156",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "SSRT101156", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "TA13-032A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
"name" : "HPSBMU02874", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "oval:org.mitre.oval:def:19520",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19520"
"name" : "HPSBUX02857", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "RHSA-2013:0236",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "VU#858729",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/858729"
"name" : "MDVSA-2013:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" "name": "RHSA-2013:0237",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
"name" : "RHSA-2013:0236", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "RHSA-2013:0237", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" "name": "57729",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57729"
"name" : "RHSA-2013:0245", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" "name": "RHSA-2013:0247",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html"
"name" : "RHSA-2013:0246", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291",
}, "refsource": "CONFIRM",
{ "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291"
"name" : "RHSA-2013:0247", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" "name": "oval:org.mitre.oval:def:16489",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16489"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892"
"name" : "openSUSE-SU-2013:0312", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "openSUSE-SU-2013:0377", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" "name": "openSUSE-SU-2013:0312",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html"
"name" : "TA13-032A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" "name": "openSUSE-SU-2013:0377",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html"
"name" : "VU#858729", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/858729" "name": "RHSA-2013:0246",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html"
"name" : "57729", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57729" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "oval:org.mitre.oval:def:16489", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16489" "name": "HPSBUX02864",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "oval:org.mitre.oval:def:19078", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19078" "name": "RHSA-2013:0245",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html"
"name" : "oval:org.mitre.oval:def:19520", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19520" "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
} },
} {
"name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "oval:org.mitre.oval:def:19078",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19078"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056"
}
]
}
}

410
2013/0xxx/CVE-2013-0443.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0443", "ID": "CVE-2013-0443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key."
{ }
"name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", ]
"refsource" : "CONFIRM", },
"url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275", "description": [
"refsource" : "CONFIRM", {
"url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=907340", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=907340" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" "name": "oval:org.mitre.oval:def:19010",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19010"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "oval:org.mitre.oval:def:15832",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832"
"name" : "HPSBUX02864", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "SSRT101156", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "MDVSA-2013:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
"name" : "HPSBMU02874", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "SSRT101156",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "HPSBUX02857", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "TA13-032A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "RHSA-2013:0236",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "MDVSA-2013:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" "name": "57702",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57702"
"name" : "RHSA-2013:0236", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" "name": "VU#858729",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/858729"
"name" : "RHSA-2013:0237", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" "name": "SUSE-SU-2013:0478",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html"
"name" : "RHSA-2013:0245", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275",
}, "refsource": "CONFIRM",
{ "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275"
"name" : "RHSA-2013:0246", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" "name": "RHSA-2013:0237",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
"name" : "RHSA-2013:0247", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "RHSA-2013:0247",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=907340",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907340"
"name" : "openSUSE-SU-2013:0312", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "openSUSE-SU-2013:0377", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "SUSE-SU-2013:0478", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" "name": "openSUSE-SU-2013:0312",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html"
"name" : "TA13-032A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" "name": "openSUSE-SU-2013:0377",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html"
"name" : "VU#858729", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/858729" "name": "oval:org.mitre.oval:def:19382",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19382"
"name" : "57702", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57702" "name": "RHSA-2013:0246",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html"
"name" : "oval:org.mitre.oval:def:15832", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "oval:org.mitre.oval:def:19010", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19010" "name": "HPSBUX02864",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "oval:org.mitre.oval:def:19382", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19382" "name": "RHSA-2013:0245",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html"
"name" : "oval:org.mitre.oval:def:19437", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19437" "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
} },
} {
"name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS"
},
{
"name": "oval:org.mitre.oval:def:19437",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19437"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056"
}
]
}
}

140
2013/3xxx/CVE-2013-3205.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3205", "ID": "CVE-2013-3205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-069", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "TA13-253A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18696", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18696" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069"
},
{
"name": "oval:org.mitre.oval:def:18696",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18696"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}

120
2013/3xxx/CVE-2013-3957.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3957", "ID": "CVE-2013-3957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf" "lang": "eng",
} "value": "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
]
}
}

150
2013/3xxx/CVE-2013-3972.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-3972", "ID": "CVE-2013-3972",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" "lang": "eng",
}, "value": "IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors."
{ }
"name" : "IV39089", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55068", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55068" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "maximo-cve20133972-infodisc(84849)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849" ]
} },
] "references": {
} "reference_data": [
} {
"name": "IV39089",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV39089"
},
{
"name": "55068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55068"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085"
},
{
"name": "maximo-cve20133972-infodisc(84849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84849"
}
]
}
}

34
2013/4xxx/CVE-2013-4168.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4168", "ID": "CVE-2013-4168",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2013/4xxx/CVE-2013-4651.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4651", "ID": "CVE-2013-4651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf" "lang": "eng",
} "value": "Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-120908.pdf"
}
]
}
}

34
2013/4xxx/CVE-2013-4773.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4773", "ID": "CVE-2013-4773",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/4xxx/CVE-2013-4816.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-4816", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-4816",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6265.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6265", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6265",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6294.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6294", "ID": "CVE-2013-6294",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6716.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6716", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6716",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

162
2017/10xxx/CVE-2017-10689.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@puppet.com", "ASSIGNER": "security@puppet.com",
"DATE_PUBLIC" : "2018-02-05T00:00:00", "DATE_PUBLIC": "2018-02-05T00:00:00",
"ID" : "CVE-2017-10689", "ID": "CVE-2017-10689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Puppet Enterprise", "product_name": "Puppet Enterprise",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 2016.4.10 or 2017.3.4" "version_value": "prior to 2016.4.10 or 2017.3.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Puppet Agent", "product_name": "Puppet Agent",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 5.3.4 or 1.10.10" "version_value": "prior to 5.3.4 or 1.10.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Puppet" "vendor_name": "Puppet"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Permission Handling"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://puppet.com/security/cve/CVE-2017-10689", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://puppet.com/security/cve/CVE-2017-10689" "lang": "eng",
}, "value": "In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability."
{ }
"name" : "RHSA-2018:2927", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:2927" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3567-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3567-1/" "lang": "eng",
} "value": "Incorrect Permission Handling"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "USN-3567-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3567-1/"
},
{
"name": "https://puppet.com/security/cve/CVE-2017-10689",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2017-10689"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
}
]
}
}

200
2017/10xxx/CVE-2017-10890.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10890", "ID": "CVE-2017-10890",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RX-V200 firmware", "product_name": "RX-V200 firmware",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 09.87.17.09" "version_value": "prior to 09.87.17.09"
} }
] ]
} }
}, },
{ {
"product_name" : "RX-V100 firmware", "product_name": "RX-V100 firmware",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 03.29.17.09" "version_value": "prior to 03.29.17.09"
} }
] ]
} }
}, },
{ {
"product_name" : "RX-CLV1-P firmware", "product_name": "RX-CLV1-P firmware",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 79.17.17.09" "version_value": "prior to 79.17.17.09"
} }
] ]
} }
}, },
{ {
"product_name" : "RX-CLV2-B firmware", "product_name": "RX-CLV2-B firmware",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 89.07.17.09" "version_value": "prior to 89.07.17.09"
} }
] ]
} }
}, },
{ {
"product_name" : "RX-CLV3-N firmware", "product_name": "RX-CLV3-N firmware",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 91.09.17.10" "version_value": "prior to 91.09.17.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Sharp Corporation" "vendor_name": "Sharp Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Session Management Issue"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#76382932", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN76382932/index.html" "lang": "eng",
} "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Management Issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#76382932",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN76382932/index.html"
}
]
}
}

140
2017/10xxx/CVE-2017-10899.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10899", "ID": "CVE-2017-10899",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "A-Reserve", "product_name": "A-Reserve",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "versions 3.8.6 and earlier" "version_value": "versions 3.8.6 and earlier"
} }
] ]
} }
}, },
{ {
"product_name" : "A-Reserve for MT cloud", "product_name": "A-Reserve for MT cloud",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "versions 3.8.6 and earlier" "version_value": "versions 3.8.6 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Princeton Ltd." "vendor_name": "Princeton Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#78501037", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN78501037/index.html" "lang": "eng",
} "value": "SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#78501037",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN78501037/index.html"
}
]
}
}

142
2017/12xxx/CVE-2017-12494.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00", "DATE_PUBLIC": "2017-08-11T00:00:00",
"ID" : "CVE-2017-12494", "ID": "CVE-2017-12494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "PLAT 7.3 (E0504)" "version_value": "PLAT 7.3 (E0504)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" "lang": "eng",
}, "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
{ }
"name" : "100367", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100367" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039152", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039152" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039152"
},
{
"name": "100367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100367"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
}
]
}
}

34
2017/12xxx/CVE-2017-12889.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12889", "ID": "CVE-2017-12889",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2017/13xxx/CVE-2017-13289.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2017-13289", "ID": "CVE-2017-13289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
} "value": "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
}
]
}
}

34
2017/13xxx/CVE-2017-13602.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13602", "ID": "CVE-2017-13602",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13631.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13631", "ID": "CVE-2017-13631",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/17xxx/CVE-2017-17073.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17073", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17073",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/17xxx/CVE-2017-17191.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17191", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17191",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

120
2017/17xxx/CVE-2017-17529.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17529", "ID": "CVE-2017-17529",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-17529", "description_data": [
"refsource" : "MISC", {
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-17529" "lang": "eng",
} "value": "af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-17529",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17529"
}
]
}
}

130
2017/17xxx/CVE-2017-17606.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17606", "ID": "CVE-2017-17606",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43273", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43273/" "lang": "eng",
}, "value": "Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter."
{ }
"name" : "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145292/Co-work-Space-Search-Script-1.0-SQL-Injection.html"
},
{
"name": "43273",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43273/"
}
]
}
}

120
2017/17xxx/CVE-2017-17691.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17691", "ID": "CVE-2017-17691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt" "lang": "eng",
} "value": "Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt"
}
]
}
}

120
2017/9xxx/CVE-2017-9927.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9927", "ID": "CVE-2017-9927",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a \"Read Access Violation starting at image00000000_00400000+0x000000000001b5fe.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927" "lang": "eng",
} "value": "In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a \"Read Access Violation starting at image00000000_00400000+0x000000000001b5fe.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9927"
}
]
}
}

140
2018/0xxx/CVE-2018-0203.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0203", "ID": "CVE-2018-0203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Unity Connection", "product_name": "Cisco Unity Connection",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Unity Connection" "version_value": "Cisco Unity Connection"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-19"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc" "lang": "eng",
}, "value": "A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215."
{ }
"name" : "103142", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103142" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040413", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040413" "lang": "eng",
} "value": "CWE-19"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103142"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc"
},
{
"name": "1040413",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040413"
}
]
}
}

130
2018/0xxx/CVE-2018-0323.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0323", "ID": "CVE-2018-0323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Enterprise NFV Infrastructure Software", "product_name": "Cisco Enterprise NFV Infrastructure Software",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Enterprise NFV Infrastructure Software" "version_value": "Cisco Enterprise NFV Infrastructure Software"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal" "lang": "eng",
}, "value": "A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631."
{ }
"name" : "104206", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104206" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal"
},
{
"name": "104206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104206"
}
]
}
}

34
2018/18xxx/CVE-2018-18413.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18413", "ID": "CVE-2018-18413",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/18xxx/CVE-2018-18694.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18694", "ID": "CVE-2018-18694",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/monstra-cms/monstra/issues/459", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/monstra-cms/monstra/issues/459" "lang": "eng",
} "value": "admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/monstra-cms/monstra/issues/459",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/459"
}
]
}
}

34
2018/18xxx/CVE-2018-18902.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18902", "ID": "CVE-2018-18902",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18967.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18967", "ID": "CVE-2018-18967",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/19xxx/CVE-2018-19224.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19224", "ID": "CVE-2018-19224",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access" "lang": "eng",
} "value": "An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access"
}
]
}
}

130
2018/19xxx/CVE-2018-19653.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19653", "ID": "CVE-2018-19653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/hashicorp/consul/pull/5069", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/hashicorp/consul/pull/5069" "lang": "eng",
}, "value": "HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade."
{ }
"name" : "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I", ]
"refsource" : "MISC", },
"url" : "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I"
},
{
"name": "https://github.com/hashicorp/consul/pull/5069",
"refsource": "MISC",
"url": "https://github.com/hashicorp/consul/pull/5069"
}
]
}
}

34
2018/19xxx/CVE-2018-19929.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19929", "ID": "CVE-2018-19929",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/1xxx/CVE-2018-1006.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1006", "ID": "CVE-2018-1006",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

1052
2018/1xxx/CVE-2018-1434.json
View File

File diff suppressed because it is too large Load Diff

286
2018/1xxx/CVE-2018-1546.json
View File

@ -1,145 +1,145 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-02T00:00:00", "DATE_PUBLIC": "2018-07-02T00:00:00",
"ID" : "CVE-2018-1546", "ID": "CVE-2018-1546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "API Connect", "product_name": "API Connect",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.1.0" "version_value": "5.0.1.0"
}, },
{ {
"version_value" : "5.0.0.0" "version_value": "5.0.0.0"
}, },
{ {
"version_value" : "5.0.2.0" "version_value": "5.0.2.0"
}, },
{ {
"version_value" : "5.0.5.0" "version_value": "5.0.5.0"
}, },
{ {
"version_value" : "5.0.6.0" "version_value": "5.0.6.0"
}, },
{ {
"version_value" : "5.0.6.1" "version_value": "5.0.6.1"
}, },
{ {
"version_value" : "5.0.6.2" "version_value": "5.0.6.2"
}, },
{ {
"version_value" : "5.0.7.0" "version_value": "5.0.7.0"
}, },
{ {
"version_value" : "5.0.7.1" "version_value": "5.0.7.1"
}, },
{ {
"version_value" : "5.0.3.0" "version_value": "5.0.3.0"
}, },
{ {
"version_value" : "5.0.4.0" "version_value": "5.0.4.0"
}, },
{ {
"version_value" : "5.0.7.2" "version_value": "5.0.7.2"
}, },
{ {
"version_value" : "5.0.6.3" "version_value": "5.0.6.3"
}, },
{ {
"version_value" : "5.0.6.4" "version_value": "5.0.6.4"
}, },
{ {
"version_value" : "5.0.8.0" "version_value": "5.0.8.0"
}, },
{ {
"version_value" : "5.0.8.1" "version_value": "5.0.8.1"
}, },
{ {
"version_value" : "5.0.6.5" "version_value": "5.0.6.5"
}, },
{ {
"version_value" : "5.0.6.6" "version_value": "5.0.6.6"
}, },
{ {
"version_value" : "5.0.8.2" "version_value": "5.0.8.2"
}, },
{ {
"version_value" : "5.0.8.3" "version_value": "5.0.8.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www-prd-trops.events.ibm.com/node/715299", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www-prd-trops.events.ibm.com/node/715299" "lang": "eng",
}, "value": "IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650."
{ }
"name" : "ibm-api-cve20181546-info-disc(142650)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142650" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.900",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-api-cve20181546-info-disc(142650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142650"
},
{
"name": "https://www-prd-trops.events.ibm.com/node/715299",
"refsource": "CONFIRM",
"url": "https://www-prd-trops.events.ibm.com/node/715299"
}
]
}
}

34
2018/1xxx/CVE-2018-1811.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1811", "ID": "CVE-2018-1811",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

182
2018/1xxx/CVE-2018-1938.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-02T00:00:00", "DATE_PUBLIC": "2019-03-02T00:00:00",
"ID" : "CVE-2018-1938", "ID": "CVE-2018-1938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cloud Private", "product_name": "Cloud Private",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.1.1" "version_value": "3.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "H",
"S" : "U",
"SCORE" : "4.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10871770" "lang": "eng",
}, "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
{ }
"name" : "107299", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/107299" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-cloud-cve20181938-info-disc(153318)", "A": "N",
"refsource" : "XF", "AC": "L",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318" "AV": "L",
} "C": "H",
] "I": "N",
} "PR": "H",
} "S": "U",
"SCORE": "4.400",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-cloud-cve20181938-info-disc(153318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
},
{
"name": "107299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107299"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10871770",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
}
]
}
}

120
2018/5xxx/CVE-2018-5791.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5791", "ID": "CVE-2018-5791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" "lang": "eng",
} "value": "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003",
"refsource": "CONFIRM",
"url": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003"
}
]
}
}