admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:55:07 +00:00
parent df7ae1c611
commit b26f77ae3e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3748 additions and 3750 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2004/0xxx/CVE-2004-0086.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0086", "ID": "CVE-2004-0086",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2004-01-26", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" "lang": "eng",
}, "value": "Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085."
{ }
"name" : "9504", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9504" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-01-26",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html"
},
{
"name": "9504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9504"
}
]
}
}

170
2004/0xxx/CVE-2004-0127.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0127", "ID": "CVE-2004-0127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/352355" "lang": "eng",
}, "value": "Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter."
{ }
"name" : "9529", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9529" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3768", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=3768" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1008892", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1008892" ]
}, },
{ "references": {
"name" : "10753", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10753/" "name": "3768",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=3768"
"name" : "phpgedview-editconfig-directory-traversal(15129)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15129" "name": "9529",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/9529"
} },
} {
"name": "1008892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008892"
},
{
"name": "20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/352355"
},
{
"name": "10753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10753/"
},
{
"name": "phpgedview-editconfig-directory-traversal(15129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15129"
}
]
}
}

150
2004/0xxx/CVE-2004-0515.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0515", "ID": "CVE-2004-0515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to \"handling of console log files.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2004-05-28", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.seifried.org/pipermail/security/2004-May/003743.html" "lang": "eng",
}, "value": "Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to \"handling of console log files.\""
{ }
"name" : "10432", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10432" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1010330", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010330" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "macosx-loginwindow-gain-privileges(16289)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16289" ]
} },
] "references": {
} "reference_data": [
} {
"name": "macosx-loginwindow-gain-privileges(16289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16289"
},
{
"name": "APPLE-SA-2004-05-28",
"refsource": "APPLE",
"url": "http://lists.seifried.org/pipermail/security/2004-May/003743.html"
},
{
"name": "10432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10432"
},
{
"name": "1010330",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010330"
}
]
}
}

240
2004/0xxx/CVE-2004-0752.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0752", "ID": "CVE-2004-0752",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109483308421566&w=2" "lang": "eng",
}, "value": "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users."
{ }
"name" : "http://www.openoffice.org/issues/show_bug.cgi?id=33357", ]
"refsource" : "CONFIRM", },
"url" : "http://www.openoffice.org/issues/show_bug.cgi?id=33357" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2004:446", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-446.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11151", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11151" ]
}, },
{ "references": {
"name" : "9804", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/9804" "name": "11151",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11151"
"name" : "oval:org.mitre.oval:def:10294", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294" "name": "12302",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12302/"
"name" : "1011205", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1011205" "name": "9804",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/9804"
"name" : "12302", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12302/" "name": "12546",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12546/"
"name" : "12546", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12546/" "name": "RHSA-2004:446",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-446.html"
"name" : "12668", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12668/" "name": "12668",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12668/"
"name" : "12914", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12914/" "name": "20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=109483308421566&w=2"
"name" : "12932", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12932/" "name": "oval:org.mitre.oval:def:10294",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294"
"name" : "openofficeorg-tmpfile-insecure-permissions(17312)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312" "name": "http://www.openoffice.org/issues/show_bug.cgi?id=33357",
} "refsource": "CONFIRM",
] "url": "http://www.openoffice.org/issues/show_bug.cgi?id=33357"
} },
} {
"name": "12914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12914/"
},
{
"name": "12932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12932/"
},
{
"name": "openofficeorg-tmpfile-insecure-permissions(17312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312"
},
{
"name": "1011205",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011205"
}
]
}
}

270
2004/1xxx/CVE-2004-1049.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1049", "ID": "CVE-2004-1049",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the \"Cursor and Icon Format Handling Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041223 Microsoft Windows LoadImage API Integer Buffer overflow ", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110382891718076&w=2" "lang": "eng",
}, "value": "Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the \"Cursor and Icon Format Handling Vulnerability.\""
{ }
"name" : "http://www.xfocus.net/flashsky/icoExp/index.html", ]
"refsource" : "MISC", },
"url" : "http://www.xfocus.net/flashsky/icoExp/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS05-002", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA05-012A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-012A.html" ]
}, },
{ "references": {
"name" : "VU#625856", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/625856" "name": "13645",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/13645"
"name" : "P-094", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/p-094.shtml" "name": "oval:org.mitre.oval:def:3220",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220"
"name" : "12095", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12095" "name": "oval:org.mitre.oval:def:3097",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097"
"name" : "12623", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/12623" "name": "MS05-002",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002"
"name" : "oval:org.mitre.oval:def:2956", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956" "name": "oval:org.mitre.oval:def:2956",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956"
"name" : "oval:org.mitre.oval:def:3097", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097" "refsource": "BUGTRAQ",
}, "name": "20041223 Microsoft Windows LoadImage API Integer Buffer overflow",
{ "url": "http://marc.info/?l=bugtraq&m=110382891718076&w=2"
"name" : "oval:org.mitre.oval:def:3220", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220" "name": "1012684",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1012684"
"name" : "oval:org.mitre.oval:def:3355", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355" "name": "win-loadimage-bo(18668)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18668"
"name" : "oval:org.mitre.oval:def:4671", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671" "name": "P-094",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/p-094.shtml"
"name" : "1012684", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012684" "name": "oval:org.mitre.oval:def:3355",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355"
"name" : "13645", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13645" "name": "12095",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12095"
"name" : "win-loadimage-bo(18668)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18668" "name": "http://www.xfocus.net/flashsky/icoExp/index.html",
} "refsource": "MISC",
] "url": "http://www.xfocus.net/flashsky/icoExp/index.html"
} },
} {
"name": "TA05-012A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-012A.html"
},
{
"name": "oval:org.mitre.oval:def:4671",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671"
},
{
"name": "12623",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12623"
},
{
"name": "VU#625856",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/625856"
}
]
}
}

160
2004/1xxx/CVE-2004-1844.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1844", "ID": "CVE-2004-1844",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040322 Vulnerabilities in Member Management System 2.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107999697625786&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp."
{ }
"name" : "9932", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9932" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1009508", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1009508" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11179", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11179" ]
}, },
{ "references": {
"name" : "mms-xss(15552)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15552" "name": "20040322 Vulnerabilities in Member Management System 2.1",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=107999697625786&w=2"
} },
} {
"name": "11179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11179"
},
{
"name": "9932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9932"
},
{
"name": "mms-xss(15552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15552"
},
{
"name": "1009508",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009508"
}
]
}
}

240
2008/2xxx/CVE-2008-2286.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2286", "ID": "CVE-2008-2286",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492127/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet."
{ }
"name" : "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/492229/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29552", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/29552" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-024/", ]
"refsource" : "MISC", }
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-024/" ]
}, },
{ "references": {
"name" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html" "name": "29198",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29198"
"name" : "HPSBMA02369", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" "name": "symantec-altiris-axengine-sql-injection(42436)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436"
"name" : "SSRT080115", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" "name": "ADV-2008-1542",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1542/references"
"name" : "29198", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29198" "name": "SSRT080115",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
"name" : "45313", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/45313" "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/"
"name" : "1020024", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020024" "name": "HPSBMA02369",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
"name" : "ADV-2008-1542", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1542/references" "name": "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded"
"name" : "30261", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30261" "name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
"name" : "symantec-altiris-axengine-sql-injection(42436)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436" "name": "29552",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/29552"
} },
} {
"name": "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded"
},
{
"name": "45313",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/45313"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}

190
2008/2xxx/CVE-2008-2368.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-2368", "ID": "CVE-2008-2368",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=452000", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=452000" "lang": "eng",
}, "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files."
{ }
"name" : "RHSA-2009:0006", ]
"refsource" : "REDHAT", },
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0006.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2009:0007", "description": [
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0007.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33288", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33288" ]
}, },
{ "references": {
"name" : "ADV-2009-0145", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0145" "name": "33540",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33540"
"name" : "1021608", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1021608" "name": "ADV-2009-0145",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0145"
"name" : "33540", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33540" "name": "33288",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33288"
"name" : "redhat-cs-debuglog-info-disclosure(48022)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" "name": "1021608",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1021608"
} },
} {
"name": "RHSA-2009:0006",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=452000",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000"
},
{
"name": "RHSA-2009:0007",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html"
},
{
"name": "redhat-cs-debuglog-info-disclosure(48022)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022"
}
]
}
}

150
2008/2xxx/CVE-2008-2645.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2645", "ID": "CVE-2008-2645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5722", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5722" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences."
{ }
"name" : "29469", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29469" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1718", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1718/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "booby-renderer-file-include(42784)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42784" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2008-1718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1718/references"
},
{
"name": "5722",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5722"
},
{
"name": "booby-renderer-file-include(42784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42784"
},
{
"name": "29469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29469"
}
]
}
}

210
2008/3xxx/CVE-2008-3004.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-3004", "ID": "CVE-2008-3004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Indexing Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080812 Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=740" "lang": "eng",
}, "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Indexing Validation Vulnerability.\""
{ }
"name" : "HPSBST02360", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT080117", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS08-043", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043" ]
}, },
{ "references": {
"name" : "TA08-225A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" "name": "1020670",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020670"
"name" : "30638", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30638" "name": "oval:org.mitre.oval:def:5885",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5885"
"name" : "oval:org.mitre.oval:def:5885", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5885" "name": "TA08-225A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
"name" : "ADV-2008-2347", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2347" "name": "HPSBST02360",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
"name" : "1020670", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020670" "name": "SSRT080117",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
"name" : "31454", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31454" "name": "MS08-043",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043"
} },
} {
"name": "20080812 Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=740"
},
{
"name": "31454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31454"
},
{
"name": "30638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30638"
},
{
"name": "ADV-2008-2347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2347"
}
]
}
}

200
2008/3xxx/CVE-2008-3219.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3219", "ID": "CVE-2008-3219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not \"prevent use of the object HTML tag in administrator input,\" which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/07/10/3" "lang": "eng",
}, "value": "The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not \"prevent use of the object HTML tag in administrator input,\" which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism."
{ }
"name" : "http://drupal.org/node/280571", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/280571" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=454849", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=454849" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-6411", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html" ]
}, },
{ "references": {
"name" : "FEDORA-2008-6415", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html" "name": "30168",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30168"
"name" : "FEDORA-2008-6916", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html" "name": "http://drupal.org/node/280571",
}, "refsource": "CONFIRM",
{ "url": "http://drupal.org/node/280571"
"name" : "30168", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30168" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454849",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454849"
"name" : "31079", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31079" "name": "FEDORA-2008-6916",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html"
"name" : "openid-unspecified-xss(43701)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43701" "name": "31079",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31079"
} },
} {
"name": "FEDORA-2008-6415",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html"
},
{
"name": "[oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/10/3"
},
{
"name": "FEDORA-2008-6411",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html"
},
{
"name": "openid-unspecified-xss(43701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43701"
}
]
}
}

170
2008/3xxx/CVE-2008-3492.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3492", "ID": "CVE-2008-3492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080802 Server termination in America's Army 2.8.3.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495061/100/0/threaded" "lang": "eng",
}, "value": "America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS."
{ }
"name" : "http://aluigi.altervista.org/adv/armynchia-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/armynchia-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.org/poc/armynchia.zip", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/poc/armynchia.zip" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30519", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/30519" ]
}, },
{ "references": {
"name" : "31353", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31353" "name": "31353",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31353"
"name" : "americasarmy-type4-dos(44152)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44152" "name": "americasarmy-type4-dos(44152)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44152"
} },
} {
"name": "20080802 Server termination in America's Army 2.8.3.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495061/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/armynchia-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/armynchia-adv.txt"
},
{
"name": "http://aluigi.org/poc/armynchia.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/armynchia.zip"
},
{
"name": "30519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30519"
}
]
}
}

170
2008/3xxx/CVE-2008-3756.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3756", "ID": "CVE-2008-3756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6941", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6941" "lang": "eng",
}, "value": "SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "http://packetstormsecurity.org/0808-exploits/viral-sql.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/0808-exploits/viral-sql.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30764", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30764" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2984", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2984" ]
}, },
{ "references": {
"name" : "31541", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31541" "name": "viralmarketing-tr-sql-injection(44562)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44562"
"name" : "viralmarketing-tr-sql-injection(44562)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44562" "name": "30764",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30764"
} },
} {
"name": "6941",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6941"
},
{
"name": "31541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31541"
},
{
"name": "ADV-2008-2984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2984"
},
{
"name": "http://packetstormsecurity.org/0808-exploits/viral-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0808-exploits/viral-sql.txt"
}
]
}
}

180
2008/3xxx/CVE-2008-3898.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3898", "ID": "CVE-2008-3898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080825 [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495803/100/0/threaded" "lang": "eng",
}, "value": "Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer."
{ }
"name" : "http://www.ivizsecurity.com/preboot-patch.html", ]
"refsource" : "MISC", },
"url" : "http://www.ivizsecurity.com/preboot-patch.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html", ]
"refsource" : "MISC", }
"url" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html" ]
}, },
{ "references": {
"name" : "30818", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30818" "name": "31605",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31605"
"name" : "31605", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31605" "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html",
}, "refsource": "MISC",
{ "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html"
"name" : "4213", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4213" "name": "30818",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30818"
} },
} {
"name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495803/100/0/threaded"
},
{
"name": "4213",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4213"
}
]
}
}

170
2008/4xxx/CVE-2008-4346.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4346", "ID": "CVE-2008-4346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6451", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6451" "lang": "eng",
}, "value": "Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371."
{ }
"name" : "31164", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31164" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2565", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2565" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31879", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31879" ]
}, },
{ "references": {
"name" : "4267", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4267" "name": "6451",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/6451"
"name" : "talkback-comments-file-include(45102)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45102" "name": "talkback-comments-file-include(45102)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45102"
} },
} {
"name": "ADV-2008-2565",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2565"
},
{
"name": "4267",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4267"
},
{
"name": "31879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31879"
},
{
"name": "31164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31164"
}
]
}
}

130
2008/6xxx/CVE-2008-6019.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6019", "ID": "CVE-2008-6019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "32906", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32906" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "docms-index-sql-injection(47467)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47467" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "docms-index-sql-injection(47467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47467"
},
{
"name": "32906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32906"
}
]
}
}

140
2008/6xxx/CVE-2008-6076.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6076", "ID": "CVE-2008-6076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6802", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6802" "lang": "eng",
}, "value": "SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php."
{ }
"name" : "31870", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31870" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dailymessage-id-sql-injection(46033)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46033" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6802",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6802"
},
{
"name": "31870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31870"
},
{
"name": "dailymessage-id-sql-injection(46033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46033"
}
]
}
}

120
2008/6xxx/CVE-2008-6391.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6391", "ID": "CVE-2008-6391",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "jbook-unspecified-sql-injection(47033)", "description_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033" "lang": "eng",
} "value": "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter)."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jbook-unspecified-sql-injection(47033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033"
}
]
}
}

130
2008/6xxx/CVE-2008-6785.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6785", "ID": "CVE-2008-6785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7509", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7509" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file."
{ }
"name" : "minifilehost-name-file-upload(47460)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47460" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7509",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7509"
},
{
"name": "minifilehost-name-file-upload(47460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47460"
}
]
}
}

290
2008/7xxx/CVE-2008-7092.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7092", "ID": "CVE-2008-7092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.portcullis.co.uk/286.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.portcullis.co.uk/286.php" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors."
{ }
"name" : "http://www.portcullis.co.uk/288.php", ]
"refsource" : "MISC", },
"url" : "http://www.portcullis.co.uk/288.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.portcullis.co.uk/289.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.portcullis.co.uk/289.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.portcullis.co.uk/290.php", ]
"refsource" : "MISC", }
"url" : "http://www.portcullis.co.uk/290.php" ]
}, },
{ "references": {
"name" : "30433", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30433" "name": "affiniumcampaign-campaignlistener-xss(44073)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44073"
"name" : "47520", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47520" "name": "47528",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47528"
"name" : "47521", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47521" "name": "31280",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31280"
"name" : "47522", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47522" "name": "47524",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47524"
"name" : "47523", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47523" "name": "30433",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30433"
"name" : "47524", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47524" "name": "47520",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47520"
"name" : "47525", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47525" "name": "47523",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47523"
"name" : "47526", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47526" "name": "47526",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47526"
"name" : "47528", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47528" "name": "affiniumcampaign-multiple-xss(44074)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44074"
"name" : "47530", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47530" "name": "47530",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47530"
"name" : "31280", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31280" "name": "http://www.portcullis.co.uk/289.php",
}, "refsource": "MISC",
{ "url": "http://www.portcullis.co.uk/289.php"
"name" : "affiniumcampaign-campaignlistener-xss(44073)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44073" "name": "47522",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/47522"
"name" : "affiniumcampaign-displayicon-xss(44072)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44072" "name": "http://www.portcullis.co.uk/290.php",
}, "refsource": "MISC",
{ "url": "http://www.portcullis.co.uk/290.php"
"name" : "affiniumcampaign-multiple-xss(44074)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44074" "name": "47525",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/47525"
} },
} {
"name": "http://www.portcullis.co.uk/286.php",
"refsource": "MISC",
"url": "http://www.portcullis.co.uk/286.php"
},
{
"name": "affiniumcampaign-displayicon-xss(44072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44072"
},
{
"name": "47521",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47521"
},
{
"name": "http://www.portcullis.co.uk/288.php",
"refsource": "MISC",
"url": "http://www.portcullis.co.uk/288.php"
}
]
}
}

140
2008/7xxx/CVE-2008-7170.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7170", "ID": "CVE-2008-7170",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080614 GSC Privilege Escalation Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493355/100/0/threaded" "lang": "eng",
}, "value": "GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet."
{ }
"name" : "29718", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29718" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "gsc-admin-security-bypass(43120)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43120" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "29718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29718"
},
{
"name": "gsc-admin-security-bypass(43120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43120"
},
{
"name": "20080614 GSC Privilege Escalation Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493355/100/0/threaded"
}
]
}
}

430
2013/2xxx/CVE-2013-2459.json
View File

@ -1,217 +1,217 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2459", "ID": "CVE-2013-2459",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"integer overflow checks.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86", "description_data": [
"refsource" : "MISC", {
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"integer overflow checks.\""
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975121", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975121" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", ]
"refsource" : "CONFIRM", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" ]
}, },
{ "references": {
"name" : "http://advisories.mageia.org/MGASA-2013-0185.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2013-0185.html" "name": "RHSA-2013:1060",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "HPSBUX02908",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2"
"name" : "HPSBUX02922", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "SSRT101305", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "HPSBUX02907", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
"name" : "HPSBUX02908", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" "name": "SUSE-SU-2013:1264",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html"
"name" : "MDVSA-2013:183", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" "name": "SUSE-SU-2013:1257",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
"name" : "RHSA-2013:0963", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" "name": "oval:org.mitre.oval:def:17181",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17181"
"name" : "RHSA-2013:1081", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" "name": "HPSBUX02907",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
"name" : "RHSA-2013:1060", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" "name": "oval:org.mitre.oval:def:19587",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19587"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "SUSE-SU-2013:1256",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "54154",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54154"
"name" : "RHSA-2013:1059", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "SSRT101305",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name" : "SUSE-SU-2013:1305", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" "name": "HPSBUX02922",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name" : "SUSE-SU-2013:1293", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" "name": "SUSE-SU-2013:1263",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
"name" : "SUSE-SU-2013:1255", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" "name": "RHSA-2013:1059",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
"name" : "SUSE-SU-2013:1256", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" "name": "oval:org.mitre.oval:def:19741",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19741"
"name" : "SUSE-SU-2013:1257", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86",
}, "refsource": "MISC",
{ "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86"
"name" : "SUSE-SU-2013:1263", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975121",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975121"
"name" : "SUSE-SU-2013:1264", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" "name": "SUSE-SU-2013:1293",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
"name" : "TA13-169A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" "name": "RHSA-2013:1081",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
"name" : "60647", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60647" "name": "TA13-169A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
"name" : "oval:org.mitre.oval:def:17181", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17181" "name": "http://advisories.mageia.org/MGASA-2013-0185.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2013-0185.html"
"name" : "oval:org.mitre.oval:def:19310", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19310" "name": "60647",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/60647"
"name" : "oval:org.mitre.oval:def:19587", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19587" "name": "RHSA-2013:0963",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
"name" : "oval:org.mitre.oval:def:19741", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19741" "name": "oval:org.mitre.oval:def:19310",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19310"
"name" : "54154", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54154" "name": "SUSE-SU-2013:1255",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
} },
} {
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "MDVSA-2013:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name": "SUSE-SU-2013:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
}
]
}
}

230
2013/2xxx/CVE-2013-2486.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2486", "ID": "CVE-2013-2486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805" "lang": "eng",
}, "value": "The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-21.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-21.html" ]
}, },
{ "references": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364" "name": "openSUSE-SU-2013:0494",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html"
"name" : "openSUSE-SU-2013:0494", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" "name": "53425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/53425"
"name" : "openSUSE-SU-2013:0506", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364"
"name" : "openSUSE-SU-2013:0911", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html" "name": "openSUSE-SU-2013:0911",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
"name" : "openSUSE-SU-2013:0947", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html" "name": "http://www.wireshark.org/security/wnpa-sec-2013-21.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2013-21.html"
"name" : "oval:org.mitre.oval:def:16109", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16109" "name": "oval:org.mitre.oval:def:16109",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16109"
"name" : "52471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52471" "name": "52471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52471"
"name" : "53425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53425" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html",
} "refsource": "CONFIRM",
] "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html"
} },
} {
"name": "openSUSE-SU-2013:0506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805"
},
{
"name": "openSUSE-SU-2013:0947",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
}
]
}
}

34
2013/2xxx/CVE-2013-2665.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2665", "ID": "CVE-2013-2665",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/11xxx/CVE-2017-11262.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-11262", "ID": "CVE-2017-11262",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Acrobat Reader", "product_name": "Acrobat Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2017.009.20058 and earlier" "version_value": "2017.009.20058 and earlier"
}, },
{ {
"version_value" : "2017.008.30051 and earlier" "version_value": "2017.008.30051 and earlier"
}, },
{ {
"version_value" : "2015.006.30306 and earlier" "version_value": "2015.006.30306 and earlier"
}, },
{ {
"version_value" : "11.0.20 and earlier" "version_value": "11.0.20 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe Systems Incorporated" "vendor_name": "Adobe Systems Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "100179", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100179" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039098", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039098" "lang": "eng",
} "value": "Memory Corruption"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
},
{
"name": "100179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100179"
}
]
}
}

120
2017/11xxx/CVE-2017-11325.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11325", "ID": "CVE-2017-11325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" "lang": "eng",
} "value": "An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/"
}
]
}
}

130
2017/11xxx/CVE-2017-11345.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11345", "ID": "CVE-2017-11345",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2017/07/14/3", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2017/07/14/3" "lang": "eng",
}, "value": "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response."
{ }
"name" : "https://asuswrt.lostrealm.ca/changelog", ]
"refsource" : "CONFIRM", },
"url" : "https://asuswrt.lostrealm.ca/changelog" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://asuswrt.lostrealm.ca/changelog",
"refsource": "CONFIRM",
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/07/14/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
}
]
}
}

34
2017/14xxx/CVE-2017-14067.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14067", "ID": "CVE-2017-14067",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/14xxx/CVE-2017-14605.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14605", "ID": "CVE-2017-14605",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/14xxx/CVE-2017-14707.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14707", "ID": "CVE-2017-14707",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/14xxx/CVE-2017-14848.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14848", "ID": "CVE-2017-14848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42924", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42924/" "lang": "eng",
}, "value": "WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter."
{ }
"name" : "https://wpvulndb.com/vulnerabilities/8929", ]
"refsource" : "MISC", },
"url" : "https://wpvulndb.com/vulnerabilities/8929" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42924",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42924/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8929",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8929"
}
]
}
}

130
2017/15xxx/CVE-2017-15033.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15033", "ID": "CVE-2017-15033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683" "lang": "eng",
}, "value": "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c."
{ }
"name" : "USN-3681-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3681-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683"
}
]
}
}

34
2017/15xxx/CVE-2017-15500.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15500", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15500",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/15xxx/CVE-2017-15508.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15508", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15508",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

152
2017/15xxx/CVE-2017-15702.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-11-30T00:00:00", "DATE_PUBLIC": "2017-11-30T00:00:00",
"ID" : "CVE-2017-15702", "ID": "CVE-2017-15702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Qpid Broker-J", "product_name": "Apache Qpid Broker-J",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.18 through 0.32" "version_value": "0.18 through 0.32"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[dev] 20171130 [SECURITY] [CVE-2017-15702] Apache Qpid Broker-J Authentication Vulnerability on HTTP Ports", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090@%3Cdev.qpid.apache.org%3E" "lang": "eng",
}, "value": "In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected."
{ }
"name" : "https://issues.apache.org/jira/browse/QPID-8039", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/QPID-8039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://qpid.apache.org/cves/CVE-2017-15702.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://qpid.apache.org/cves/CVE-2017-15702.html" "lang": "eng",
}, "value": "Authentication vulnerability"
{ }
"name" : "102040", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/102040" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://issues.apache.org/jira/browse/QPID-8039",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/QPID-8039"
},
{
"name": "102040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102040"
},
{
"name": "[dev] 20171130 [SECURITY] [CVE-2017-15702] Apache Qpid Broker-J Authentication Vulnerability on HTTP Ports",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090@%3Cdev.qpid.apache.org%3E"
},
{
"name": "https://qpid.apache.org/cves/CVE-2017-15702.html",
"refsource": "CONFIRM",
"url": "https://qpid.apache.org/cves/CVE-2017-15702.html"
}
]
}
}

160
2017/9xxx/CVE-2017-9031.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9031", "ID": "CVE-2017-9031",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15" "lang": "eng",
}, "value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file."
{ }
"name" : "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd", ]
"refsource" : "CONFIRM", },
"url" : "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.debian.org/862611", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/862611" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3856", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3856" ]
}, },
{ "references": {
"name" : "99099", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99099" "name": "99099",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/99099"
} },
} {
"name": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15",
"refsource": "CONFIRM",
"url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15"
},
{
"name": "DSA-3856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3856"
},
{
"name": "https://bugs.debian.org/862611",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/862611"
},
{
"name": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd",
"refsource": "CONFIRM",
"url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd"
}
]
}
}

120
2017/9xxx/CVE-2017-9902.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9902", "ID": "CVE-2017-9902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902"
}
]
}
}

300
2018/0xxx/CVE-2018-0004.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC" : "2018-01-10T17:00:00.000Z", "DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
"ID" : "CVE-2018-0004", "ID": "CVE-2018-0004",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Junos OS: Kernel Denial of Service Vulnerability" "TITLE": "Junos OS: Kernel Denial of Service Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Junos OS", "product_name": "Junos OS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "12.1X46", "version_name": "12.1X46",
"version_value" : "12.1X46-D50" "version_value": "12.1X46-D50"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "12.3X48", "version_name": "12.3X48",
"version_value" : "12.3X48-D30" "version_value": "12.3X48-D30"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "12.3R", "version_name": "12.3R",
"version_value" : "12.3R12-S7" "version_value": "12.3R12-S7"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "14.1", "version_name": "14.1",
"version_value" : "14.1R8-S4, 14.1R9" "version_value": "14.1R8-S4, 14.1R9"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "14.1X53", "version_name": "14.1X53",
"version_value" : "14.1X53-D30, 14.1X53-D34" "version_value": "14.1X53-D30, 14.1X53-D34"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "14.2", "version_name": "14.2",
"version_value" : "14.2R8" "version_value": "14.2R8"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "15.1", "version_name": "15.1",
"version_value" : "15.1F6, 15.1R3" "version_value": "15.1F6, 15.1R3"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "15.1X49", "version_name": "15.1X49",
"version_value" : "15.1X49-D40" "version_value": "15.1X49-D40"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "15.1X53", "version_name": "15.1X53",
"version_value" : "15.1X53-D31, 15.1X53-D33, 15.1X53-D60" "version_value": "15.1X53-D31, 15.1X53-D33, 15.1X53-D60"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "High CPU consumption\nDistributed Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10832", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10832" "lang": "eng",
}, "value": "A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue."
{ }
"name" : "1040183", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1040183" "exploit": [
} {
] "lang": "eng",
}, "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"solution" : [ }
{ ],
"lang" : "eng", "impact": {
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D50, 12.3R12-S7, 12.3X48-D30, 14.1R8-S4, 14.1R9, 14.1X53-D30, 14.1X53-D34, 14.2R8, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D31, 15.1X53-D33, 15.1X53-D60, 16.1R1, and all subsequent releases.\n" "cvss": {
} "attackComplexity": "LOW",
], "attackVector": "NETWORK",
"source" : { "availabilityImpact": "HIGH",
"advisory" : "JSA10832", "baseScore": 6.5,
"defect" : [ "baseSeverity": "MEDIUM",
"1145306" "confidentialityImpact": "NONE",
], "integrityImpact": "NONE",
"discovery" : "USER" "privilegesRequired": "NONE",
}, "scope": "UNCHANGED",
"work_around" : [ "userInteraction": "REQUIRED",
{ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"lang" : "eng", "version": "3.0"
"value" : "There are no viable workarounds for this issue.\n" }
} },
] "problemtype": {
} "problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "High CPU consumption\nDistributed Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040183",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040183"
},
{
"name": "https://kb.juniper.net/JSA10832",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10832"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D50, 12.3R12-S7, 12.3X48-D30, 14.1R8-S4, 14.1R9, 14.1X53-D30, 14.1X53-D34, 14.2R8, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D31, 15.1X53-D33, 15.1X53-D60, 16.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10832",
"defect": [
"1145306"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue.\n"
}
]
}

152
2018/0xxx/CVE-2018-0834.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00", "DATE_PUBLIC": "2018-02-13T00:00:00",
"ID" : "CVE-2018-0834", "ID": "CVE-2018-0834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge, ChakraCore", "product_name": "Microsoft Edge, ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Critical"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44078", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44078/" "lang": "eng",
}, "value": "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102859", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102859" "lang": "eng",
}, "value": "Critical"
{ }
"name" : "1040372", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040372" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834"
},
{
"name": "102859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102859"
},
{
"name": "44078",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44078/"
},
{
"name": "1040372",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040372"
}
]
}
}

36
2018/1000xxx/CVE-2018-1000063.json
View File

@ -1,20 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"DATE_ASSIGNED" : "2018-02-09", "data_version": "4.0",
"ID" : "CVE-2018-1000063", "CVE_data_meta": {
"REQUESTER" : "kurt@seifried.org", "ID": "CVE-2018-1000063",
"STATE" : "REJECT" "ASSIGNER": "cve@mitre.org",
}, "STATE": "REJECT"
"data_format" : "MITRE", },
"data_type" : "CVE", "description": {
"data_version" : "4.0", "description_data": [
"description" : { {
"description_data" : [ "lang": "eng",
{ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5379. Reason: This candidate is a reservation duplicate of CVE-2018-5379. Notes: All CVE users should reference CVE-2018-5379 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang" : "eng", }
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5379. Reason: This candidate is a reservation duplicate of CVE-2018-5379. Notes: All CVE users should reference CVE-2018-5379 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." ]
} }
] }
}
}

34
2018/12xxx/CVE-2018-12277.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12277", "ID": "CVE-2018-12277",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/12xxx/CVE-2018-12288.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12288", "ID": "CVE-2018-12288",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/12xxx/CVE-2018-12307.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12307", "ID": "CVE-2018-12307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" "lang": "eng",
} "value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}

34
2018/12xxx/CVE-2018-12442.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12442", "ID": "CVE-2018-12442",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/12xxx/CVE-2018-12635.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12635", "ID": "CVE-2018-12635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.seebug.org/vuldb/ssvid-97353", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.seebug.org/vuldb/ssvid-97353" "lang": "eng",
} "value": "CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.seebug.org/vuldb/ssvid-97353",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97353"
}
]
}
}

120
2018/13xxx/CVE-2018-13086.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13086", "ID": "CVE-2018-13086",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md" "lang": "eng",
} "value": "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md",
"refsource": "MISC",
"url": "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md"
}
]
}
}

172
2018/16xxx/CVE-2018-16068.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-16068", "ID": "CVE-2018-16068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "69.0.3497.81" "version_value": "69.0.3497.81"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read and write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/877182", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/877182" "lang": "eng",
}, "value": "Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page."
{ }
"name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4289", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4289" "lang": "eng",
}, "value": "Out of bounds read and write"
{ }
"name" : "GLSA-201811-10", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201811-10" ]
}, },
{ "references": {
"name" : "RHSA-2018:2666", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2666" "name": "105215",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/105215"
"name" : "105215", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105215" "name": "DSA-4289",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4289"
} },
} {
"name": "https://crbug.com/877182",
"refsource": "MISC",
"url": "https://crbug.com/877182"
},
{
"name": "RHSA-2018:2666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2666"
},
{
"name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
}
]
}
}

172
2018/16xxx/CVE-2018-16071.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-16071", "ID": "CVE-2018-16071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "69.0.3497.81" "version_value": "69.0.3497.81"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45443", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45443/" "lang": "eng",
}, "value": "A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file."
{ }
"name" : "https://crbug.com/855211", ]
"refsource" : "MISC", },
"url" : "https://crbug.com/855211" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "Use after free"
{ }
"name" : "GLSA-201811-10", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201811-10" ]
}, },
{ "references": {
"name" : "RHSA-2018:2666", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2666" "name": "105215",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/105215"
"name" : "105215", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105215" "name": "RHSA-2018:2666",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:2666"
} },
} {
"name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "45443",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45443/"
},
{
"name": "https://crbug.com/855211",
"refsource": "MISC",
"url": "https://crbug.com/855211"
}
]
}
}

120
2018/16xxx/CVE-2018-16950.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16950", "ID": "CVE-2018-16950",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://twitter.com/cyberarchconsul/status/1039682695826169857", "description_data": [
"refsource" : "MISC", {
"url" : "https://twitter.com/cyberarchconsul/status/1039682695826169857" "lang": "eng",
} "value": "Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/cyberarchconsul/status/1039682695826169857",
"refsource": "MISC",
"url": "https://twitter.com/cyberarchconsul/status/1039682695826169857"
}
]
}
}

140
2018/4xxx/CVE-2018-4170.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4170", "ID": "CVE-2018-4170",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"Admin Framework\" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208692", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208692" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"Admin Framework\" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution."
{ }
"name" : "103582", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103582" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040608", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040608" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208692",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208692"
},
{
"name": "103582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103582"
},
{
"name": "1040608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040608"
}
]
}
}

34
2018/4xxx/CVE-2018-4318.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4318", "ID": "CVE-2018-4318",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4671.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4671", "ID": "CVE-2018-4671",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2018/4xxx/CVE-2018-4933.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4933", "ID": "CVE-2018-4933",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 29.0.0.113 and earlier versions", "product_name": "Adobe Flash Player 29.0.0.113 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 29.0.0.113 and earlier versions" "version_value": "Adobe Flash Player 29.0.0.113 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" "lang": "eng",
}, "value": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "GLSA-201804-11", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201804-11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:1119", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1119" "lang": "eng",
}, "value": "Out-of-bounds read"
{ }
"name" : "103708", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/103708" ]
}, },
{ "references": {
"name" : "1040648", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040648" "name": "103708",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/103708"
} },
} {
"name": "RHSA-2018:1119",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1119"
},
{
"name": "1040648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040648"
},
{
"name": "GLSA-201804-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-11"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html"
}
]
}
}