"-Synchronized-Data."

CVE Team 2019-03-18 03:09:30 +00:00
parent fa57c34dad
commit b08d1c0af5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3806 additions and 3801 deletions


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka \"jabber\"), which prevents devices from transmitting data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040513 802.11b (others) single packet DoS",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0631.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2004-009.pdf",
"refsource" : "MISC",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2004-009.pdf"
},
{
"name" : "AA-2004.02",
"refsource" : "AUSCERT",
"url" : "http://www.auscert.org.au/render.html?it=4091"
},
{
"name" : "VU#106678",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/106678"
},
{
"name" : "10342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10342"
},
{
"name" : "16034",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16034"
},
{
"name" : "1010152",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010152"
},
{
"name" : "ieee80211-cca-dos(16138)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka \"jabber\"), which prevents devices from transmitting data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2004-009.pdf",
"refsource": "MISC",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2004-009.pdf"
},
{
"name": "20040513 802.11b (others) single packet DoS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0631.html"
},
{
"name": "16034",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16034"
},
{
"name": "1010152",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010152"
},
{
"name": "AA-2004.02",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4091"
},
{
"name": "VU#106678",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/106678"
},
{
"name": "ieee80211-cca-dos(16138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16138"
},
{
"name": "10342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10342"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040927 MyWebServer 1.0.3",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109630333230707&w=2"
},
{
"name" : "11254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11254"
},
{
"name" : "1011461",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011461"
},
{
"name" : "12689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12689"
},
{
"name" : "mywebserver-mult-connections-dos(17519)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mywebserver-mult-connections-dos(17519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17519"
},
{
"name": "11254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11254"
},
{
"name": "1011461",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011461"
},
{
"name": "12689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12689"
},
{
"name": "20040927 MyWebServer 1.0.3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109630333230707&w=2"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040421 [waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108258931430060&w=2"
},
{
"name" : "http://www.waraxe.us/index.php?modname=sa&id=21",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/index.php?modname=sa&id=21"
},
{
"name" : "10190",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10190"
},
{
"name" : "5623",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5623"
},
{
"name" : "11465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11465"
},
{
"name" : "phprofession-upload-path-disclosure(15930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5623",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5623"
},
{
"name": "20040421 [waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108258931430060&w=2"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa&id=21",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa&id=21"
},
{
"name": "phprofession-upload-path-disclosure(15930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15930"
},
{
"name": "11465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11465"
},
{
"name": "10190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10190"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040502 Crystal Reports Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108360413811017&w=2"
},
{
"name" : "20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108671836127360&w=2"
},
{
"name" : "crystalreports-dos(16046)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108360413811017&w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108671836127360&w=2"
},
{
"name": "crystalreports-dos(16046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080728 Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494843/100/0/threaded"
},
{
"name" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html",
"refsource" : "MISC",
"url" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html"
},
{
"name" : "30410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30410"
},
{
"name" : "ADV-2008-2209",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2209"
},
{
"name" : "31264",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31264"
},
{
"name" : "4057",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4057"
},
{
"name" : "owl-register-xss(44053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30410"
},
{
"name": "4057",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4057"
},
{
"name": "31264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31264"
},
{
"name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html",
"refsource": "MISC",
"url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3100-Owl.html"
},
{
"name": "20080728 Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494843/100/0/threaded"
},
{
"name": "ADV-2008-2209",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2209"
},
{
"name": "owl-register-xss(44053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44053"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080719 Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit )",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494551/100/0/threaded"
},
{
"name" : "30305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30305"
},
{
"name" : "ADV-2008-2162",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2162/references"
},
{
"name" : "31189",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31189"
},
{
"name" : "4046",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4046"
},
{
"name" : "easydynamicpages-read-sql-injection(43917)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "easydynamicpages-read-sql-injection(43917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43917"
},
{
"name": "30305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30305"
},
{
"name": "20080719 Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494551/100/0/threaded"
},
{
"name": "4046",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4046"
},
{
"name": "ADV-2008-2162",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2162/references"
},
{
"name": "31189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31189"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-3973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name" : "33177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33177"
},
{
"name" : "ADV-2009-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name" : "51351",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51351"
},
{
"name" : "1021561",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021561"
},
{
"name" : "33525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33525"
},
{
"name": "51351",
"refsource": "OSVDB",
"url": "http://osvdb.org/51351"
},
{
"name": "1021561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021561"
},
{
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}
}
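Review bot: The `"ASSIGNER"` value for CVE-2008-3973 appears to change from `cve@mitre.org` to `secalert_us@oracle.com`, and this provenance change is easy to miss because the rest of the section is only key-spacing and `reference_data` reordering. The +/- markers are lost on this page, so the direction is inferred from the `"key": value` spacing of the second copy. The CVE-2008-4006 section shows the same ASSIGNER change. Consumers that filter or attribute records by assigner will see these entries move, so the commit message should say so, or the change should go in its own commit. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) would keep future synchronisation diffs limited to real content changes.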


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-4006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name" : "33177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33177"
},
{
"name" : "ADV-2009-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name" : "33525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33525"
},
{
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc"
},
{
"name" : "IZ18334",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ18334"
},
{
"name" : "IZ18335",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ18335"
},
{
"name" : "IZ18338",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ18338"
},
{
"name" : "IZ18339",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ18339"
},
{
"name" : "IZ18341",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ18341"
},
{
"name" : "IZ28943",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ28943"
},
{
"name" : "30999",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30999"
},
{
"name" : "oval:org.mitre.oval:def:5932",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5932"
},
{
"name" : "ADV-2008-2490",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2490"
},
{
"name" : "1020818",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020818"
},
{
"name" : "31739",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31739"
},
{
"name" : "ibm-aix-swcons-code-execution(44903)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44903"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc"
},
{
"name": "31739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31739"
},
{
"name": "IZ18335",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ18335"
},
{
"name": "ADV-2008-2490",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2490"
},
{
"name": "IZ18334",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ18334"
},
{
"name": "IZ18338",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ18338"
},
{
"name": "ibm-aix-swcons-code-execution(44903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44903"
},
{
"name": "IZ28943",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ28943"
},
{
"name": "IZ18339",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ18339"
},
{
"name": "30999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30999"
},
{
"name": "IZ18341",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ18341"
},
{
"name": "1020818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020818"
},
{
"name": "oval:org.mitre.oval:def:5932",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5932"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080911 PhsBlog v0.2 Bypass Sql injection Filtering Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496233/100/0/threaded"
},
{
"name" : "6431",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6431"
},
{
"name" : "31172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31172"
},
{
"name" : "31815",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31815"
},
{
"name" : "4246",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4246"
},
{
"name" : "phsblog-index-sql-injection(45053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4246",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4246"
},
{
"name": "phsblog-index-sql-injection(45053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45053"
},
{
"name": "20080911 PhsBlog v0.2 Bypass Sql injection Filtering Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496233/100/0/threaded"
},
{
"name": "31815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31815"
},
{
"name": "31172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31172"
},
{
"name": "6431",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6431"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081006 Yerba SACphp <= 6.3 / Local File Inclusion Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497103"
},
{
"name" : "6687",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6687"
},
{
"name" : "31606",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31606"
},
{
"name" : "ADV-2008-2754",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2754"
},
{
"name" : "32093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32093"
},
{
"name" : "4368",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4368"
},
{
"name" : "yerbasacphp-mod-file-include(45708)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45708"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4368",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4368"
},
{
"name": "31606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31606"
},
{
"name": "32093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32093"
},
{
"name": "ADV-2008-2754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2754"
},
{
"name": "yerbasacphp-mod-file-include(45708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45708"
},
{
"name": "6687",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6687"
},
{
"name": "20081006 Yerba SACphp <= 6.3 / Local File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497103"
}
]
}
}
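Review bot: The `reference_data` array for CVE-2008-4486 comes out in a different order in the compact-colon copy (which appears to be the new side, since the page has lost its +/- markers): for example the BUGTRAQ entry `20081006 Yerba SACphp <= 6.3 / Local File Inclusion Exploit` moves from first to last, while the seven entries themselves look unchanged. Mixing a reorder into a whitespace normalization makes it hard to audit that no reference was added, dropped or retargeted, and it changes any hash or signature taken over the record. Preserving the existing order, or emitting references in one deterministic order (for instance sorted by `refsource`, then `name`), would keep these sync diffs reviewable. The same reshuffling shows in other records on this page, e.g. CVE-2008-4626, CVE-2008-4950 and CVE-2013-2266.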


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6788",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6788"
},
{
"name" : "31828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31828"
},
{
"name" : "49171",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/49171"
},
{
"name" : "32325",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32325"
},
{
"name" : "4444",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4444"
},
{
"name" : "yappang-index-file-include(45965)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the album parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49171",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49171"
},
{
"name": "32325",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32325"
},
{
"name": "4444",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4444"
},
{
"name": "6788",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6788"
},
{
"name": "31828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31828"
},
{
"name": "yappang-index-file-include(45965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45965"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that \"There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://bugs.debian.org/496413",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/496413"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/dpkg-cross",
"refsource" : "MISC",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/dpkg-cross"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "MISC",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that \"There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/dpkg-cross",
"refsource": "MISC",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/dpkg-cross"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://bugs.debian.org/496413",
"refsource": "MISC",
"url": "http://bugs.debian.org/496413"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"an exposed filter on CCK text fields.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/348321",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/348321"
},
{
"name" : "http://drupal.org/node/347831",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/347831"
},
{
"name" : "FEDORA-2008-11519",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html"
},
{
"name" : "32895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32895"
},
{
"name" : "50795",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50795"
},
{
"name" : "33225",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33225"
},
{
"name" : "33289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33289"
},
{
"name" : "views-cck-sql-injection(47454)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"an exposed filter on CCK text fields.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/348321",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/348321"
},
{
"name": "32895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32895"
},
{
"name": "33225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33225"
},
{
"name": "50795",
"refsource": "OSVDB",
"url": "http://osvdb.org/50795"
},
{
"name": "FEDORA-2008-11519",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html"
},
{
"name": "33289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33289"
},
{
"name": "http://drupal.org/node/347831",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/347831"
},
{
"name": "views-cck-sql-injection(47454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7415",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7415"
},
{
"name" : "32768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32768"
},
{
"name" : "33070",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7415",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7415"
},
{
"name": "32768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32768"
},
{
"name": "33070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33070"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5829",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5829"
},
{
"name" : "http://www.shnews.de/change-log",
"refsource" : "MISC",
"url" : "http://www.shnews.de/change-log"
},
{
"name" : "29725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29725"
},
{
"name" : "shnews-action-authentication-bypass(43123)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shnews-action-authentication-bypass(43123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43123"
},
{
"name": "29725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29725"
},
{
"name": "5829",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5829"
},
{
"name": "http://www.shnews.de/change-log",
"refsource": "MISC",
"url": "http://www.shnews.de/change-log"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7225",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7225"
},
{
"name" : "http://www.z0rlu.blogspot.com/2008/11/pie-web-maesher-mod-rss-01-remote-file.html",
"refsource" : "MISC",
"url" : "http://www.z0rlu.blogspot.com/2008/11/pie-web-maesher-mod-rss-01-remote-file.html"
},
{
"name" : "32465",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32465"
},
{
"name" : "pie-rss-file-include(46834)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.z0rlu.blogspot.com/2008/11/pie-web-maesher-mod-rss-01-remote-file.html",
"refsource": "MISC",
"url": "http://www.z0rlu.blogspot.com/2008/11/pie-web-maesher-mod-rss-01-remote-file.html"
},
{
"name": "32465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32465"
},
{
"name": "7225",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7225"
},
{
"name": "pie-rss-file-include(46834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46834"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6315",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6315"
},
{
"name" : "30850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30850"
},
{
"name" : "ifdate-search-sql-injection(44668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ifdate-search-sql-injection(44668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44668"
},
{
"name": "30850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30850"
},
{
"name": "6315",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6315"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a \"mass assignment\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment",
"refsource" : "MISC",
"url" : "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment"
},
{
"name" : "http://spreecommerce.com/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params/",
"refsource" : "CONFIRM",
"url" : "http://spreecommerce.com/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a \"mass assignment\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://spreecommerce.com/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params/",
"refsource": "CONFIRM",
"url": "http://spreecommerce.com/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params/"
},
{
"name": "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment",
"refsource": "MISC",
"url": "http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130429 Re: CVE request -- Linux kernel: veth: double-free in case of congestion",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/29/10"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6ec82562ffc6f297d0de36d65776cff8e5704867",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6ec82562ffc6f297d0de36d65776cff8e5704867"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=957705",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=957705"
},
{
"name" : "https://github.com/torvalds/linux/commit/6ec82562ffc6f297d0de36d65776cff8e5704867",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6ec82562ffc6f297d0de36d65776cff8e5704867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6ec82562ffc6f297d0de36d65776cff8e5704867",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6ec82562ffc6f297d0de36d65776cff8e5704867"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=957705",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=957705"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "[oss-security] 20130429 Re: CVE request -- Linux kernel: veth: double-free in case of congestion",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/10"
},
{
"name": "https://github.com/torvalds/linux/commit/6ec82562ffc6f297d0de36d65776cff8e5704867",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6ec82562ffc6f297d0de36d65776cff8e5704867"
}
]
}
}
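Review bot: `ASSIGNER` for CVE-2013-2017 changes from `cve@mitre.org` to `secalert@redhat.com` in what otherwise reads as a formatting-and-ordering sync, and the commit title only says the data was synchronized. The assigner field is provenance that downstream consumers may use to attribute or route a record, so a change to it deserves its own line in the commit message or a separate commit, where it can be checked against the CNA's own records. The CVE-2013-2976 record further down shows the same kind of change, to `psirt@us.ibm.com`. Which copy is the new side is inferred from the compact `"key": value` style, since the page has lost its +/- markers.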


@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.isc.org/software/bind/advisories/cve-2013-2266",
"refsource" : "CONFIRM",
"url" : "http://www.isc.org/software/bind/advisories/cve-2013-2266"
},
{
"name" : "https://kb.isc.org/article/AA-00871/",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-00871/"
},
{
"name" : "https://kb.isc.org/article/AA-00879/",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-00879/"
},
{
"name" : "http://support.apple.com/kb/HT5880",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5880"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1244",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name" : "APPLE-SA-2013-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name" : "DSA-2656",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2656"
},
{
"name" : "FEDORA-2013-4525",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html"
},
{
"name" : "FEDORA-2013-4533",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html"
},
{
"name" : "HPSBUX02876",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136804614120794&w=2"
},
{
"name" : "SSRT101148",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136804614120794&w=2"
},
{
"name" : "RHSA-2013:0690",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0690.html"
},
{
"name" : "RHSA-2013:0689",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0689.html"
},
{
"name" : "USN-1783-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1783-1"
},
{
"name" : "58736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58736"
},
{
"name" : "oval:org.mitre.oval:def:19579",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/article/AA-00871/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00871/"
},
{
"name": "FEDORA-2013-4533",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1244",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1244"
},
{
"name": "RHSA-2013:0689",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0689.html"
},
{
"name": "http://www.isc.org/software/bind/advisories/cve-2013-2266",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/bind/advisories/cve-2013-2266"
},
{
"name": "https://kb.isc.org/article/AA-00879/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00879/"
},
{
"name": "FEDORA-2013-4525",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html"
},
{
"name": "HPSBUX02876",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136804614120794&w=2"
},
{
"name": "SSRT101148",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136804614120794&w=2"
},
{
"name": "58736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58736"
},
{
"name": "RHSA-2013:0690",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0690.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:19579",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19579"
},
{
"name": "DSA-2656",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2656"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "USN-1783-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1783-1"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name" : "PM79992",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992"
},
{
"name" : "was-cve20132976-info-disclosure(83965)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "was-cve20132976-info-disclosure(83965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83965"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "PM79992",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992"
}
]
}
}
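Review bot: The `ASSIGNER` value in this section changes from `cve@mitre.org` to `psirt@us.ibm.com`, and that is the only change of substance here. It sits among lines that otherwise differ only in the spacing before the colon (`"ID" : …` became `"ID": …`) and in the order of the `reference_data` entries, so it is easy to miss in a line-based diff. The same assigner change appears in the CVE-2013-6314 section further down. Splitting the whitespace and ordering normalisation from the data change would help, or the commit description could carry a line such as `ASSIGNER updated for CVE-2013-2976, CVE-2013-6314`. Anyone who tracks this feed for changes of record ownership should compare the parsed JSON rather than the text.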


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Nov/208"
},
{
"name" : "http://packetstormsecurity.com/files/124222",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124222"
},
{
"name" : "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/",
"refsource" : "MISC",
"url" : "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"
},
{
"name" : "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla",
"refsource" : "MISC",
"url" : "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"
},
{
"name" : "100399",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100399"
},
{
"name" : "100401",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100401"
},
{
"name" : "100402",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100402"
},
{
"name" : "livezilla-cve20136224-xss(89315)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100399",
"refsource": "OSVDB",
"url": "http://osvdb.org/100399"
},
{
"name": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/",
"refsource": "MISC",
"url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"
},
{
"name": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla",
"refsource": "MISC",
"url": "https://cureblog.de/2013/12/cve-2013-6224-cross-site-scripting-in-livezilla"
},
{
"name": "100401",
"refsource": "OSVDB",
"url": "http://osvdb.org/100401"
},
{
"name": "livezilla-cve20136224-xss(89315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89315"
},
{
"name": "20131128 CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Nov/208"
},
{
"name": "100402",
"refsource": "OSVDB",
"url": "http://osvdb.org/100402"
},
{
"name": "http://packetstormsecurity.com/files/124222",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124222"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662911",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21662911"
},
{
"name" : "65922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65922"
},
{
"name" : "ibm-enterprise-cve20136314-xss(88595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-enterprise-cve20136314-xss(88595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88595"
},
{
"name": "65922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65922"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662911",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662911"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "10"
},
{
"version_affected" : "=",
"version_value" : "11"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10"
},
{
"version_affected": "=",
"version_value": "11"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99852"
},
{
"name" : "1038938",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99852"
},
{
"name": "1038938",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038938"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10626",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10626",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10640",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10640",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-11019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Display"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-11019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Display"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_24.html",
"refsource" : "MISC",
"url" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_24.html"
},
{
"name" : "https://github.com/libming/libming/issues/81",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/81"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_24.html",
"refsource": "MISC",
"url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_24.html"
},
{
"name": "https://github.com/libming/libming/issues/81",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/81"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14551",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14551"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to \"Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14551",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14551"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/09/28/13",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/09/28/13"
},
{
"name" : "https://sourceforge.net/p/tikiwiki/code/63872",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/tikiwiki/code/63872"
},
{
"name" : "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released",
"refsource" : "MISC",
"url" : "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwall.com/lists/oss-security/2017/09/28/13",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/09/28/13"
},
{
"name": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released",
"refsource": "MISC",
"url": "https://tiki.org/article449-Security-and-bug-fix-updates-Tiki-17-1-Tiki-16-3-15-5-and-Tiki-12-12-released"
},
{
"name": "https://sourceforge.net/p/tikiwiki/code/63872",
"refsource": "MISC",
"url": "https://sourceforge.net/p/tikiwiki/code/63872"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15027",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15027",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15170",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15170",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15171",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15171",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15249",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15249",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15249"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-007",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
},
{
"name" : "99322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-007"
},
{
"name": "99322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99322"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@blackberry.com",
"DATE_PUBLIC" : "2017-10-16T00:00:00",
"ID" : "CVE-2017-9367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Workspaces Server",
"version" : {
"version_data" : [
{
"version_value" : "BlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6, and vApp versions 5.5.9 and earlier"
}
]
}
}
]
},
"vendor_name" : "BlackBerry"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC": "2017-10-16T00:00:00",
"ID": "CVE-2017-9367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workspaces Server",
"version": {
"version_data": [
{
"version_value": "BlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6, and vApp versions 5.5.9 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a \"Cannot exit above the top directory\" error message throughout the entire web application) via a \"..\" in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170929 [CVE-2017-9538] Persistent Application Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541263/100/0/threaded"
},
{
"name" : "101066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101066"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a \"Cannot exit above the top directory\" error message throughout the entire web application) via a \"..\" in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170929 [CVE-2017-9538] Persistent Application Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541263/100/0/threaded"
},
{
"name": "101066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101066"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf",
"refsource" : "MISC",
"url" : "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf",
"refsource": "MISC",
"url": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf"
}
]
}
}


@ -1,168 +1,168 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0060",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0060",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D40"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D20"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D40"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D20"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D68"
},
{
"affected": "<",
"platform": "QFX5200/QFX5110",
"version_name": "15.1X53",
"version_value": "15.1X53-D235"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D495"
},
{
"affected": "<",
"platform": "EX2300/EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D40"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D20"
},
{
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D40"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D20"
},
{
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D68"
},
{
"affected" : "<",
"platform" : "QFX5200/QFX5110",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D235"
},
{
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D495"
},
{
"affected" : "<",
"platform" : "EX2300/EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D590"
},
{
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R7-S2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"lang": "eng",
"value": "An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not vulnerable to this issue when not configured to use DHCP. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D40 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 14.1X53 versions prior to 14.1X53-D40 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D495 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400; 15.1 versions prior to 15.1R7-S2."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper input validation"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10895",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10895"
},
{
"name" : "1041858",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041858"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D40, 12.3X48-D20, 14.1X53-D40, 15.1X49-D20, 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1R7-S2, 16.1R1and all subsequent releases."
}
],
"source" : {
"advisory" : "JSA10895",
"defect" : [
"1082817"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : "Configure the device to use static IP addresses for all interfaces.\nDisable DHCP services.\n"
}
]
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041858",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041858"
},
{
"name": "https://kb.juniper.net/JSA10895",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10895"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D40, 12.3X48-D20, 14.1X53-D40, 15.1X49-D20, 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1R7-S2, 16.1R1and all subsequent releases."
}
],
"source": {
"advisory": "JSA10895",
"defect": [
"1082817"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Configure the device to use static IP addresses for all interfaces.\nDisable DHCP services.\n"
}
]
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XE",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE",
"version": {
"version_data": [
{
"version_value": "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1"
},
{
"name" : "103567",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103567"
},
{
"name" : "1040583",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103567"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1"
},
{
"name": "1040583",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040583"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2018-0486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "XMLTooling-C before 1.6.3",
"version" : {
"version_data" : [
{
"version_value" : "XMLTooling-C before 1.6.3"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "mishandles digital signatures"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-0486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XMLTooling-C before 1.6.3",
"version": {
"version_data": [
{
"version_value": "XMLTooling-C before 1.6.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
},
{
"name" : "https://lists.debian.org/debian-security-announce/2018/msg00007.html",
"refsource" : "MISC",
"url" : "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
},
{
"name" : "https://shibboleth.net/community/advisories/secadv_20180112.txt",
"refsource" : "MISC",
"url" : "https://shibboleth.net/community/advisories/secadv_20180112.txt"
},
{
"name" : "DSA-4085",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4085"
},
{
"name" : "1040177",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mishandles digital signatures"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4085",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4085"
},
{
"name": "https://lists.debian.org/debian-security-announce/2018/msg00007.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
},
{
"name": "https://shibboleth.net/community/advisories/secadv_20180112.txt",
"refsource": "MISC",
"url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
},
{
"name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
},
{
"name": "1040177",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040177"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2018-0741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Color Management Module (Icm32.dll)",
"version" : {
"version_data" : [
{
"version_value" : "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Microsoft Color Management Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2018-0741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Color Management Module (Icm32.dll)",
"version": {
"version_data": [
{
"version_value": "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741"
},
{
"name" : "102349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102349"
},
{
"name" : "1040093",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Microsoft Color Management Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102349"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741"
},
{
"name": "1040093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040093"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2018-0803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka \"Microsoft Edge Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2018-0803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0803",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0803"
},
{
"name" : "102384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102384"
},
{
"name" : "1040100",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka \"Microsoft Edge Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0803",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0803"
},
{
"name": "1040100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040100"
},
{
"name": "102384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102384"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-0860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge, ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Important"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge, ChakraCore",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44076",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44076/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860"
},
{
"name" : "102883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102883"
},
{
"name" : "1040372",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Important"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44076",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44076/"
},
{
"name": "102883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102883"
},
{
"name": "1040372",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040372"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/XIMDEX/ximdex/issues/149",
"refsource" : "MISC",
"url" : "https://github.com/XIMDEX/ximdex/issues/149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/XIMDEX/ximdex/issues/149",
"refsource": "MISC",
"url": "https://github.com/XIMDEX/ximdex/issues/149"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-16042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-16042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106159"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106159"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RICOH Interactive Whiteboard",
"version" : {
"version_data" : [
{
"version_value" : "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
}
]
}
}
]
},
"vendor_name" : "RICOH COMPANY, LTD."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RICOH Interactive Whiteboard",
"version": {
"version_data": [
{
"version_value": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
}
]
}
}
]
},
"vendor_name": "RICOH COMPANY, LTD."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ricoh.com/info/2018/1127_1.html",
"refsource" : "MISC",
"url" : "https://www.ricoh.com/info/2018/1127_1.html"
},
{
"name" : "JVN#55263945",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN55263945/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#55263945",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN55263945/index.html"
},
{
"name": "https://www.ricoh.com/info/2018/1127_1.html",
"refsource": "MISC",
"url": "https://www.ricoh.com/info/2018/1127_1.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"
},
{
"name" : "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8",
"refsource" : "MISC",
"url" : "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"
},
{
"name" : "https://github.com/mm2/Little-CMS/issues/171",
"refsource" : "MISC",
"url" : "https://github.com/mm2/Little-CMS/issues/171"
},
{
"name" : "DSA-4284",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4284"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "USN-3770-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3770-1/"
},
{
"name" : "USN-3770-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3770-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3770-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "USN-3770-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"
},
{
"name": "https://github.com/mm2/Little-CMS/issues/171",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/issues/171"
},
{
"name": "DSA-4284",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4284"
},
{
"name": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45385",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45385/"
},
{
"name" : "https://github.com/maroueneboubakri/CVE/tree/master/rubedo-cms",
"refsource" : "MISC",
"url" : "https://github.com/maroueneboubakri/CVE/tree/master/rubedo-cms"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/maroueneboubakri/CVE/tree/master/rubedo-cms",
"refsource": "MISC",
"url": "https://github.com/maroueneboubakri/CVE/tree/master/rubedo-cms"
},
{
"name": "45385",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45385/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16934",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16934",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4024",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4024",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208465",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208465",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208465"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
},
{
"name" : "1041027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4729",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4729",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -56,6 +56,11 @@
"name": "https://wordpress.org/plugins/hrm/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/hrm/#developers"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20190317 CVE-2019-9573 / CVE-2019-9574: WordPress plugin hrm missing server side authorization checks",
"url": "http://www.openwall.com/lists/oss-security/2019/03/17/1"
}
]
}
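Review bot: The reference object added at the end of `reference_data` lists its keys as `refsource`, `name`, `url`, while the entry directly above it in this hunk uses `name`, `refsource`, `url`, as do the other reference objects on this page. Key order carries no meaning in JSON, but the rest of this commit is a normalisation pass over the same records, so an out-of-order entry will probably be rewritten by a later sync and show up as noise in the history of a security advisory record. I would emit the new object with `"name"` first, then `"refsource": "MLIST"`, then `"url"`. The enclosing `references` object starts outside the hunk, so the rest of the file's ordering cannot be checked from here.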