"-Synchronized-Data."

CVE Team 2019-03-18 07:10:32 +00:00
parent e28b59885e
commit b226a4ae82
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3557 additions and 3557 deletions


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-0027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
},
{
"name" : "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
},
{
"name" : "27313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27313"
},
{
"name" : "ADV-2008-0171",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0171"
},
{
"name" : "1019223",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019223"
},
{
"name" : "28530",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28530"
},
{
"name" : "3551",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3551"
},
{
"name" : "cisco-cucm-ctl-bo(39704)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486432/100/0/threaded"
},
{
"name": "ADV-2008-0171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0171"
},
{
"name": "3551",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3551"
},
{
"name": "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml"
},
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02"
},
{
"name": "cisco-cucm-ctl-bo(39704)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704"
},
{
"name": "1019223",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019223"
},
{
"name": "27313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27313"
},
{
"name": "28530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28530"
}
]
}
}
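Review bot: The new side still has `"vendor_name": "n/a"` and `"product_name": "n/a"`, although the description names Cisco Unified Communications Manager and CallManager. Tooling that matches on the structured `affects` fields will therefore not tie CVE-2008-0027 to the product and has to fall back to parsing the description text. The same placeholders remain in the other PUBLIC records shown in full on this page (CVE-2008-0034, CVE-2008-0384, CVE-2008-0723, CVE-2008-0839, CVE-2008-1071, CVE-2008-1615). The one semantic change in this section, `"ASSIGNER": "psirt@cisco.com"` replacing `cve@mitre.org`, is buried among colon-spacing changes and a reordered `reference_data`. Comparing the parsed JSON rather than the text would make a change of assigning authority visible in review.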


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2008-01-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307302",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name" : "27297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27297"
},
{
"name" : "ADV-2008-0147",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0147"
},
{
"name" : "1019219",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019219"
},
{
"name" : "28497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28497"
},
{
"name" : "iphone-passcode-lock-security-bypass(39701)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iphone-passcode-lock-security-bypass(39701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39701"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307302",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "1019219",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019219"
},
{
"name": "28497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28497"
},
{
"name": "27297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27297"
},
{
"name": "APPLE-SA-2008-01-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "ADV-2008-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0147"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0305",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0305",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4935",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4935"
},
{
"name" : "[openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=openbsd-security-announce&m=120007327504064"
},
{
"name" : "[4.2] 20080111 005: RELIABILITY FIX: January 11, 2008",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata42.html#005_ifrtlabel"
},
{
"name" : "27252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27252"
},
{
"name" : "1019188",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019188"
},
{
"name" : "28473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27252"
},
{
"name": "4935",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4935"
},
{
"name": "[4.2] 20080111 005: RELIABILITY FIX: January 11, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata42.html#005_ifrtlabel"
},
{
"name": "28473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28473"
},
{
"name": "1019188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019188"
},
{
"name": "[openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic",
"refsource": "MLIST",
"url": "http://marc.info/?l=openbsd-security-announce&m=120007327504064"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080206 MyNews 1.6.X HTML/JS Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=120232523420188&w=2"
},
{
"name" : "20080207 Re: MyNews 1.6.X HTML/JS Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=120235668406688&w=2"
},
{
"name" : "27652",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27652"
},
{
"name": "20080207 Re: MyNews 1.6.X HTML/JS Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=120235668406688&w=2"
},
{
"name": "20080206 MyNews 1.6.X HTML/JS Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=120232523420188&w=2"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5138",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5138"
},
{
"name" : "27850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27850"
},
{
"name" : "29008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29008"
},
{
"name" : "astatspro-refer-sql-injection(40611)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40611"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29008"
},
{
"name": "5138",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5138"
},
{
"name": "27850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27850"
},
{
"name": "astatspro-refer-sql-injection(40611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40611"
}
]
}
}


@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080229 rPSA-2008-0092-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488967/100/0/threaded"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2296",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2296"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm"
},
{
"name" : "FEDORA-2008-2941",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html"
},
{
"name" : "FEDORA-2008-3040",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html"
},
{
"name" : "GLSA-200803-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-32.xml"
},
{
"name" : "MDVSA-2008:057",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057"
},
{
"name" : "RHSA-2008:0890",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html"
},
{
"name" : "SUSE-SR:2008:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name" : "28025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28025"
},
{
"name" : "oval:org.mitre.oval:def:11633",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11633"
},
{
"name" : "oval:org.mitre.oval:def:14784",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14784"
},
{
"name" : "ADV-2008-0704",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0704"
},
{
"name" : "ADV-2008-2773",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2773"
},
{
"name" : "1019515",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019515"
},
{
"name" : "29156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29156"
},
{
"name" : "29188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29188"
},
{
"name" : "29223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29223"
},
{
"name" : "29242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29242"
},
{
"name" : "29511",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29511"
},
{
"name" : "29736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29736"
},
{
"name" : "32091",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-32.xml"
},
{
"name": "RHSA-2008:0890",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html"
},
{
"name": "oval:org.mitre.oval:def:11633",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11633"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2008-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2008-01.html"
},
{
"name": "FEDORA-2008-3040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html"
},
{
"name": "29188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29188"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "29511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29511"
},
{
"name": "oval:org.mitre.oval:def:14784",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14784"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "20080229 rPSA-2008-0092-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488967/100/0/threaded"
},
{
"name": "1019515",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019515"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm"
},
{
"name": "32091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32091"
},
{
"name": "29736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29736"
},
{
"name": "ADV-2008-2773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2773"
},
{
"name": "https://issues.rpath.com/browse/RPL-2296",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2296"
},
{
"name": "ADV-2008-0704",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0704"
},
{
"name": "28025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28025"
},
{
"name": "MDVSA-2008:057",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057"
},
{
"name": "29156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29156"
},
{
"name": "FEDORA-2008-2941",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html"
},
{
"name": "29223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29223"
}
]
}
}


@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=431430",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=431430"
},
{
"name" : "DSA-1588",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1588"
},
{
"name" : "FEDORA-2008-4043",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html"
},
{
"name" : "MDVSA-2008:167",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167"
},
{
"name" : "MDVSA-2008:174",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174"
},
{
"name" : "RHSA-2008:0237",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0237.html"
},
{
"name" : "RHSA-2008:0275",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0275.html"
},
{
"name" : "RHSA-2008:0585",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html"
},
{
"name" : "SUSE-SA:2008:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html"
},
{
"name" : "SUSE-SA:2008:031",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html"
},
{
"name" : "SUSE-SA:2008:032",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html"
},
{
"name" : "SUSE-SA:2008:035",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
},
{
"name" : "SUSE-SA:2008:038",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
},
{
"name" : "USN-625-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-625-1"
},
{
"name" : "29086",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29086"
},
{
"name" : "oval:org.mitre.oval:def:9563",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9563"
},
{
"name" : "1020047",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020047"
},
{
"name" : "30252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30252"
},
{
"name" : "30294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30294"
},
{
"name" : "30368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30368"
},
{
"name" : "30818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30818"
},
{
"name" : "30890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30890"
},
{
"name" : "30962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30962"
},
{
"name" : "31107",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31107"
},
{
"name" : "31628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31628"
},
{
"name" : "30112",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30112"
},
{
"name" : "30982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30982"
},
{
"name" : "linux-kernel-processtrace-dos(42278)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42278"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0275",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0275.html"
},
{
"name": "30962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30962"
},
{
"name": "30294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30294"
},
{
"name": "30368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30368"
},
{
"name": "linux-kernel-processtrace-dos(42278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42278"
},
{
"name": "SUSE-SA:2008:038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
},
{
"name": "SUSE-SA:2008:035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
},
{
"name": "oval:org.mitre.oval:def:9563",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9563"
},
{
"name": "RHSA-2008:0237",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0237.html"
},
{
"name": "MDVSA-2008:167",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167"
},
{
"name": "30982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30982"
},
{
"name": "DSA-1588",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1588"
},
{
"name": "SUSE-SA:2008:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html"
},
{
"name": "1020047",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020047"
},
{
"name": "RHSA-2008:0585",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html"
},
{
"name": "MDVSA-2008:174",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174"
},
{
"name": "31107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31107"
},
{
"name": "30252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30252"
},
{
"name": "FEDORA-2008-4043",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html"
},
{
"name": "30890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30890"
},
{
"name": "31628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31628"
},
{
"name": "USN-625-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-625-1"
},
{
"name": "29086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29086"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431430",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431430"
},
{
"name": "SUSE-SA:2008:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html"
},
{
"name": "30818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30818"
},
{
"name": "30112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30112"
},
{
"name": "SUSE-SA:2008:032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://community.landesk.com/support/docs/DOC-2659",
"refsource" : "CONFIRM",
"url" : "http://community.landesk.com/support/docs/DOC-2659"
},
{
"name" : "28535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28535"
},
{
"name" : "ADV-2008-1051",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1051/references"
},
{
"name" : "1019748",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019748"
},
{
"name" : "29324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29324"
},
{
"name" : "landesk-pxetftp-directory-traversal(41562)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1051/references"
},
{
"name": "29324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29324"
},
{
"name": "landesk-pxetftp-directory-traversal(41562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41562"
},
{
"name": "28535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28535"
},
{
"name": "http://community.landesk.com/support/docs/DOC-2659",
"refsource": "CONFIRM",
"url": "http://community.landesk.com/support/docs/DOC-2659"
},
{
"name": "1019748",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019748"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490338/100/0/threaded"
},
{
"name" : "5333",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5333"
},
{
"name" : "28542",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28542"
},
{
"name" : "29624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29624"
},
{
"name" : "3793",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3793"
},
{
"name" : "easynews-index-xss(41593)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5333",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5333"
},
{
"name": "easynews-index-xss(41593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41593"
},
{
"name": "28542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28542"
},
{
"name": "29624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29624"
},
{
"name": "20080401 EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490338/100/0/threaded"
},
{
"name": "3793",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3793"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5483",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5483"
},
{
"name" : "28876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28876"
},
{
"name" : "ADV-2008-1319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1319/references"
},
{
"name" : "29814",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29814"
},
{
"name" : "trscriptnews-news-sql-injection(41946)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41946"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trscriptnews-news-sql-injection(41946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41946"
},
{
"name": "ADV-2008-1319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1319/references"
},
{
"name": "28876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28876"
},
{
"name": "29814",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29814"
},
{
"name": "5483",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5483"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080916 [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496435/100/0/threaded"
},
{
"name" : "31210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31210"
},
{
"name" : "31701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31701"
},
{
"name" : "quickcmslite-admin-xss(45194)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080916 [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496435/100/0/threaded"
},
{
"name": "31701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31701"
},
{
"name": "quickcmslite-admin-xss(45194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45194"
},
{
"name": "31210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31210"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6374",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6374"
},
{
"name" : "31033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31033"
},
{
"name" : "tonercart-showseriesink-sql-injection(44955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31033"
},
{
"name": "6374",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6374"
},
{
"name": "tonercart-showseriesink-sql-injection(44955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44955"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"name" : "32284",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32284"
},
{
"name" : "ADV-2008-3144",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3144"
},
{
"name" : "32689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32689"
},
{
"name" : "typo3-file-backend-xss(46585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3144"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/"
},
{
"name": "typo3-file-backend-xss(46585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46585"
},
{
"name": "32689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32689"
},
{
"name": "32284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32284"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130625 Cisco Jabber Video Engine Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130625 Cisco Jabber Video Engine Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3393"
}
]
}
}
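Review bot: With `ASSIGNER` now `psirt@cisco.com`, the `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, so the affected products appear only in the free-text description. Consumers that match records against an asset inventory through `affects` will not tie this entry to Cisco Jabber for Windows or Cisco Virtualization Experience Media Engine; setting `"vendor_name": "Cisco"` and taking the two product names from the description would close that gap. The old/new side of each line is inferred from the key spacing, because the page has lost its `+`/`-` markers. The sections for CVE-2013-3607, CVE-2013-3776 and CVE-2013-4375 change `ASSIGNER` the same way and also leave `affects` as `n/a`.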


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf",
"refsource" : "MISC",
"url" : "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"
},
{
"name" : "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013",
"refsource" : "MISC",
"url" : "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"
},
{
"name" : "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
},
{
"name" : "VU#648646",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/648646"
},
{
"name" : "62094",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allow remote attackers to execute arbitrary code on the Baseboard Management Controller (BMC), as demonstrated by the (1) username or (2) password field in login.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62094"
},
{
"name": "VU#648646",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/648646"
},
{
"name": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
"refsource": "CONFIRM",
"url": "http://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
},
{
"name": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf",
"refsource": "MISC",
"url": "https://www.usenix.org/system/files/conference/woot13/woot13-bonkoski_0.pdf"
},
{
"name": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013",
"refsource": "MISC",
"url": "http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name" : "MS13-061",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-061"
},
{
"name" : "JVN#68663052",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN68663052/index.html"
},
{
"name" : "JVNDB-2013-000071",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html"
},
{
"name" : "61234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61234"
},
{
"name" : "95276",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95276"
},
{
"name" : "oval:org.mitre.oval:def:18243",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18243"
},
{
"name" : "1028801",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028801"
},
{
"name" : "oracle-cpujuly2013-cve20133776(85663)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85663"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#68663052",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN68663052/index.html"
},
{
"name": "oracle-cpujuly2013-cve20133776(85663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85663"
},
{
"name": "95276",
"refsource": "OSVDB",
"url": "http://osvdb.org/95276"
},
{
"name": "61234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61234"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "JVNDB-2013-000071",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000071.html"
},
{
"name": "oval:org.mitre.oval:def:18243",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18243"
},
{
"name": "MS13-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-061"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "1028801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028801"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/10/14"
},
{
"name" : "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html",
"refsource" : "CONFIRM",
"url" : "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html"
},
{
"name" : "GLSA-201407-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name" : "USN-2092-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2092-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html",
"refsource": "CONFIRM",
"url": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html"
},
{
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "USN-2092-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name": "[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/14"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6099",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6099",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/11/28/8"
},
{
"name" : "http://quassel-irc.org/node/123",
"refsource" : "CONFIRM",
"url" : "http://quassel-irc.org/node/123"
},
{
"name" : "https://github.com/quassel/quassel/commit/a1a24da",
"refsource" : "CONFIRM",
"url" : "https://github.com/quassel/quassel/commit/a1a24da"
},
{
"name" : "openSUSE-SU-2013:1929",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
},
{
"name" : "openSUSE-SU-2014:0114",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
},
{
"name" : "100432",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100432"
},
{
"name" : "55640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55640"
},
{
"name" : "quasselirc-cve20136404-sec-bypass(89377)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/quassel/quassel/commit/a1a24da",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/a1a24da"
},
{
"name": "openSUSE-SU-2013:1929",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
},
{
"name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
},
{
"name": "http://quassel-irc.org/node/123",
"refsource": "CONFIRM",
"url": "http://quassel-irc.org/node/123"
},
{
"name": "quasselirc-cve20136404-sec-bypass(89377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
},
{
"name": "55640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55640"
},
{
"name": "openSUSE-SU-2014:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
},
{
"name": "100432",
"refsource": "OSVDB",
"url": "http://osvdb.org/100432"
}
]
}
}
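Review bot: The description on the new side still lists the same file three times, `(1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql`, so the enumeration identifies only one query file under core/SQL/PostgreSQL/. The text is carried over unchanged from the old side, which suggests the other two paths were lost before this commit rather than by it. Anyone scoping the missing user-ID check from this record alone should confirm the affected files against the referenced fix, `https://github.com/quassel/quassel/commit/a1a24da`. The description should either name the three distinct files or be reduced to the single path.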


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131214 LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0074.html"
},
{
"name" : "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog",
"refsource" : "CONFIRM",
"url" : "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog"
},
{
"name" : "101080",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101080"
},
{
"name" : "livezilla-cve20137032-xss(89809)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131214 LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0074.html"
},
{
"name": "livezilla-cve20137032-xss(89809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89809"
},
{
"name": "101080",
"refsource": "OSVDB",
"url": "http://osvdb.org/101080"
},
{
"name": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog",
"refsource": "CONFIRM",
"url": "http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7238",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7238",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hospitality Materials Control",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.31.4"
},
{
"version_affected" : "=",
"version_value" : "8.32.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hospitality Materials Control",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.31.4"
},
{
"version_affected": "=",
"version_value": "8.32.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99701"
},
{
"name" : "1038941",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038941"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name": "99701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99701"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99824"
},
{
"name" : "1038932",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99824"
},
{
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "101471",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101471"
},
{
"name" : "1039598",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039598"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039598"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101471"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10496",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10496",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe",
"refsource" : "CONFIRM",
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "DSA-3971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3971"
},
{
"name" : "GLSA-201709-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-23"
},
{
"name" : "RHEA-2018:0705",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
},
{
"name" : "1039307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201709-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "DSA-3971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/9f0730bee3eb65d07b49fd468bc2f269173352fe"
},
{
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-13153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "8.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-13153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "102126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102126"
}
]
}
}
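Review bot: The `ASSIGNER` value changes from `security@google.com` to `security@android.com` in a section where every other line differs only in the spacing before the colon, so the one change of meaning is easy to overlook, and the commit title gives no reason for it. Consumers that group or filter records by assigner will presumably see this entry move, so a re-attribution is better made in its own commit or at least named in the description, e.g. `Update ASSIGNER for CVE-2017-13153 to security@android.com`. The CVE-2013-6404 section makes the same kind of change (`cve@mitre.org` to `secalert@redhat.com`).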


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13646",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13646",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\\\.\\Viragtlt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020",
"refsource" : "MISC",
"url" : "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\\\.\\Viragtlt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020",
"refsource": "MISC",
"url": "https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC/tree/master/VirIT_NullPointerDereference_0x82730020"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have \"if (!defined('ABSPATH')) {exit;}\" code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43196",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43196/"
},
{
"name" : "https://github.com/woocommerce/woocommerce/issues/17964",
"refsource" : "MISC",
"url" : "https://github.com/woocommerce/woocommerce/issues/17964"
},
{
"name" : "https://www.exploit-db.com/ghdb/4613/",
"refsource" : "MISC",
"url" : "https://www.exploit-db.com/ghdb/4613/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have \"if (!defined('ABSPATH')) {exit;}\" code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/ghdb/4613/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/ghdb/4613/"
},
{
"name": "https://github.com/woocommerce/woocommerce/issues/17964",
"refsource": "MISC",
"url": "https://github.com/woocommerce/woocommerce/issues/17964"
},
{
"name": "43196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43196/"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42984",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42984/"
},
{
"name" : "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42984",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42984/"
},
{
"name": "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144586/Sync-Breeze-Enterprise-10.1.16-SEH-Overflow.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17460",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17460",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43237",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43237/"
},
{
"name" : "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43237",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43237/"
},
{
"name": "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145247/Simple-Chatting-System-1.0.0-Arbitrary-File-Upload.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a \"User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528"
},
{
"name" : "http://www.irfanview.com/plugins.htm",
"refsource" : "CONFIRM",
"url" : "http://www.irfanview.com/plugins.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a \"User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9528"
},
{
"name": "http://www.irfanview.com/plugins.htm",
"refsource": "CONFIRM",
"url": "http://www.irfanview.com/plugins.htm"
}
]
}
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-09-29T00:00:00",
"ID" : "CVE-2017-9792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Impala",
"version" : {
"version_data" : [
{
"version_value" : "2.8.0 incubating"
},
{
"version_value" : "2.9.0 incubating"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Impala (incubating) before 2.10.0, a malicious user with \"ALTER\" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it \"external\" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an \"ALL\" privilege at the server scope. This privilege requirement for \"CREATE\" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for \"ALTER\" commands that would make existing non-external Kudu tables external."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-09-29T00:00:00",
"ID": "CVE-2017-9792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Impala",
"version": {
"version_data": [
{
"version_value": "2.8.0 incubating"
},
{
"version_value": "2.9.0 incubating"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20170929 CVE-2017-9792 Apache Impala (incubating) Information Disclosure",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/74a163df0cdefcd738c8d18821e69aa69eed2ba5384c0cc255d15c4b@%3Cannounce.apache.org%3E"
},
{
"name" : "https://issues.apache.org/jira/browse/IMPALA-5638",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/IMPALA-5638"
},
{
"name" : "101173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Impala (incubating) before 2.10.0, a malicious user with \"ALTER\" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it \"external\" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an \"ALL\" privilege at the server scope. This privilege requirement for \"CREATE\" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for \"ALTER\" commands that would make existing non-external Kudu tables external."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/IMPALA-5638",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/IMPALA-5638"
},
{
"name": "101173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101173"
},
{
"name": "[announce] 20170929 CVE-2017-9792 Apache Impala (incubating) Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/74a163df0cdefcd738c8d18821e69aa69eed2ba5384c0cc255d15c4b@%3Cannounce.apache.org%3E"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
},
{
"name" : "99304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2707"
},
{
"name": "99304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99304"
}
]
}
}


@ -1,120 +1,120 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0035",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "QFX5200 and QFX10002",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D60"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "Customer can identify whether their device is affected by running the following commands from the Junos OS shell:\n\nAffected System :\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@:RE:0~# grub-fstest /dev/sda2 ls /var/tmp /onie/ | grep onie \n vmlinuz-3.2.35-onie initrd.img-3.2.35-onie tools/ grub/ grub.d/ \n root@:RE:0:~# \nNote: the two files, vmlinuz-3.2.35-onie and initrd.img-3.2.35-onie (version may vary) will be present.\n\nNon-affected System:\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@local-node:~# grub-fstest /dev/sda2 ls /onie/ | grep onie \n root@local-node:~# \nNote: no grep output related to ONIE partition."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 4.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service\n"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0035",
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX5200 and QFX10002: Unintended ONIE partition was shipped with certain Junos OS .bin and .iso images"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "QFX5200 and QFX10002",
"version_name": "15.1X53",
"version_value": "15.1X53-D60"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10869",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10869"
},
{
"name" : "1041336",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041336"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page.\nThe affected Junos image files have been removed from the Juniper download page."
}
],
"source" : {
"advisory" : "JSA10869",
"defect" : [
"1335427",
"1335713"
],
"discovery" : "INTERNAL"
},
"work_around" : [
{
"lang" : "eng",
"value" : "There are no known workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators."
}
]
}
}
},
"configuration": [
{
"lang": "eng",
"value": "Customer can identify whether their device is affected by running the following commands from the Junos OS shell:\n\nAffected System :\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@:RE:0~# grub-fstest /dev/sda2 ls /var/tmp /onie/ | grep onie \n vmlinuz-3.2.35-onie initrd.img-3.2.35-onie tools/ grub/ grub.d/ \n root@:RE:0:~# \nNote: the two files, vmlinuz-3.2.35-onie and initrd.img-3.2.35-onie (version may vary) will be present.\n\nNon-affected System:\n root@:RE:0% rsh -l root -JU __juniper_private4__ 192.168.1.1 \n root@local-node:~# grub-fstest /dev/sda2 ls /onie/ | grep onie \n root@local-node:~# \nNote: no grep output related to ONIE partition."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10869",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10869"
},
{
"name": "1041336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041336"
}
]
},
"solution": [
{
"lang": "eng",
"value": "In order to resolve this issue (remove the ONIE partition from the device), customer needs to reimage the device using the USB or PXE image from the Juniper download page.\nThe affected Junos image files have been removed from the Juniper download page."
}
],
"source": {
"advisory": "JSA10869",
"defect": [
"1335427",
"1335713"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to device only from trusted, administrative networks or hosts. Limit CLI access to the device from only trusted hosts and administrators."
}
]
}


@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-05T16:00:00-0500",
"ID" : "CVE-2018-0444",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Packaged Contact Center Enterprise ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.1",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID": "CVE-2018-0444",
"STATE": "PUBLIC",
"TITLE": "Cisco Packaged Contact Center Enterprise Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Packaged Contact Center Enterprise ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180905-pcce",
"defect" : [
[
"CSCvi88426"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180905 Multiple Vulnerabilities in Cisco Packaged Contact Center Enterprise",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce"
}
]
},
"source": {
"advisory": "cisco-sa-20180905-pcce",
"defect": [
[
"CSCvi88426"
]
],
"discovery": "UNKNOWN"
}
}
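Review bot: The `problemtype` value in this CVE-2018-0444 record is `CWE-352` (cross-site request forgery), while the `TITLE` and the description both describe cross-site scripting, so consumers that triage by CWE will file it under the wrong weakness class. If the Cisco advisory confirms XSS, the entry should read `"value": "CWE-79"`. In the same record `"baseScore": "6.1"` is a string, whereas the CVE-2018-0035 record in this commit carries `"baseScore": 4.4` as a number; `"baseScore": 6.1` would keep the type stable for parsers. The description also calls the issue stored XSS but describes delivery through a clicked link, which is worth checking against the advisory.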


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IIJ SmartKey App for Android",
"version" : {
"version_data" : [
{
"version_value" : "version 2.1.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Internet Initiative Japan Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIJ SmartKey App for Android",
"version": {
"version_data": [
{
"version_value": "version 2.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Internet Initiative Japan Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#27137002",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27137002/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#27137002",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN27137002/index.html"
}
]
}
}
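Review bot: The description of CVE-2018-0584 still contains the unfilled template token `[effect_of_bypassing_authentication]`, so the record does not say what an attacker gains after the bypass and the published text reads as a form placeholder. Either substitute the effect stated in JVN#27137002 or drop the token, e.g. `... allows remote attackers to bypass authentication via unspecified vectors.` A sync-time check that rejects description values containing bracketed `[snake_case]` placeholders would catch this before publication.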


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HC100RC",
"version" : {
"version_data" : [
{
"version_value" : "Ver1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEC Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HC100RC",
"version": {
"version_data": [
{
"version_value": "Ver1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource" : "MISC",
"url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name" : "JVN#84825660",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN84825660/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#84825660",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN84825660/index.html"
},
{
"name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Desktop Bridge Virtual File System",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka \"Windows Desktop Bridge VFS Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Desktop Bridge Virtual File System",
"version": {
"version_data": [
{
"version_value": "Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44313",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44313/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877"
},
{
"name" : "103227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103227"
},
{
"name" : "1040520",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka \"Windows Desktop Bridge VFS Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040520"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877"
},
{
"name": "103227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103227"
},
{
"name": "44313",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44313/"
}
]
}
}


@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-04-06",
"ID" : "CVE-2018-1000201",
"REQUESTER" : "lars@greiz-reinsdorf.de",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ruby-ffi ",
"version" : {
"version_data" : [
{
"version_value" : "1.9.23 and earlier"
}
]
}
}
]
},
"vendor_name" : "ruby-ffi"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-427: Uncontrolled Search Path Element"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-04-06",
"ID": "CVE-2018-1000201",
"REQUESTER": "lars@greiz-reinsdorf.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a",
"refsource" : "CONFIRM",
"url" : "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a"
},
{
"name" : "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c",
"refsource" : "CONFIRM",
"url" : "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c",
"refsource": "CONFIRM",
"url": "https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c"
},
{
"name": "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a",
"refsource": "CONFIRM",
"url": "https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a"
}
]
}
}
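Review bot: The `affects` block and the `problemtype` entry for CVE-2018-1000201 read `n/a` in the second, colon-tight copy of each line, where the first copy carried `ruby-ffi`, `1.9.23 and earlier` and `CWE-427: Uncontrolled Search Path Element`. The +/- markers are not preserved on this page, so this assumes the second copy is the new side, which matches the formatting direction of the rest of the commit. If so, consumers that match on the structured fields rather than the free-text description lose the affected product, the version range and the weakness class for this DLL search-path issue, and the fixed version v1.9.24 survives only in the prose. I would keep `"product_name": "ruby-ffi"`, `"version_value": "1.9.23 and earlier"` and `"value": "CWE-427: Uncontrolled Search Path Element"` alongside the formatting change. The `ASSIGNER` switch from `kurt@seifried.org` to `cve@mitre.org` in the same section is a content change that the commit title does not mention.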


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/trippo/ResponsiveFilemanager/issues/506",
"refsource" : "MISC",
"url" : "https://github.com/trippo/ResponsiveFilemanager/issues/506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/trippo/ResponsiveFilemanager/issues/506",
"refsource": "MISC",
"url": "https://github.com/trippo/ResponsiveFilemanager/issues/506"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19164",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19164",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
},
{
"name" : "https://github.com/mdadams/jasper/issues/182",
"refsource" : "MISC",
"url" : "https://github.com/mdadams/jasper/issues/182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
},
{
"name": "https://github.com/mdadams/jasper/issues/182",
"refsource": "MISC",
"url": "https://github.com/mdadams/jasper/issues/182"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19803",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19803",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/thinkcmf/cmfx/issues/26",
"refsource" : "MISC",
"url" : "https://github.com/thinkcmf/cmfx/issues/26"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thinkcmf/cmfx/issues/26",
"refsource": "MISC",
"url": "https://github.com/thinkcmf/cmfx/issues/26"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-04-16T00:00:00",
"ID" : "CVE-2018-1146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)",
"version" : {
"version_data" : [
{
"version_value" : "Firmware 1.10.22?"
}
]
}
}
]
},
"vendor_name" : "Belkin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-04-16T00:00:00",
"ID": "CVE-2018-1146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)",
"version": {
"version_data": [
{
"version_value": "Firmware 1.10.22?"
}
]
}
}
]
},
"vendor_name": "Belkin"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-08",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-08"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-08",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-08"
}
]
}
}


@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-03T00:00:00",
"ID" : "CVE-2018-1732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "1.14.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-03T00:00:00",
"ID": "CVE-2018-1732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10736009"
},
{
"name" : "ibm-qradar-cve20181732-info-disc(147810)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147810"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.300",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10736009",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10736009"
},
{
"name": "ibm-qradar-cve20181732-info-disc(147810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147810"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1917",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1917",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}