admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:30:01 +00:00
parent 6f3a652c1b
commit b7fe2618f8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3914 additions and 3914 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

310
2008/0xxx/CVE-2008-0234.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0234", "ID": "CVE-2008-0234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080110 Buffer-overflow in Quicktime Player 7.3.1.70", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486091/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message."
{ }
"name" : "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/486114/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486174/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/486161/100/0/threaded" ]
}, },
{ "references": {
"name" : "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486268/100/0/threaded" "name": "4885",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4885"
"name" : "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486241/100/0/threaded" "name": "quicktime-rtsp-responses-bo(39601)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601"
"name" : "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486238/100/0/threaded" "name": "20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486161/100/0/threaded"
"name" : "4885", },
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4885" "name": "20080110 Buffer-overflow in Quicktime Player 7.3.1.70",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486091/100/0/threaded"
"name" : "4906", },
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4906" "name": "ADV-2008-2064",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2064/references"
"name" : "APPLE-SA-2008-02-06", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html" "name": "APPLE-SA-2008-02-06",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html"
"name" : "APPLE-SA-2008-07-10", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html" "name": "4906",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4906"
"name" : "VU#112179", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/112179" "name": "31034",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31034"
"name" : "27225", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27225" "name": "20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486268/100/0/threaded"
"name" : "ADV-2008-0107", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0107" "name": "20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486174/100/0/threaded"
"name" : "ADV-2008-2064", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2064/references" "name": "APPLE-SA-2008-07-10",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00000.html"
"name" : "1019178", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019178" "name": "20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486114/100/0/threaded"
"name" : "28423", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28423" "name": "27225",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27225"
"name" : "31034", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31034" "name": "VU#112179",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/112179"
"name" : "3537", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3537" "name": "20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486241/100/0/threaded"
"name" : "quicktime-rtsp-responses-bo(39601)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39601" "name": "20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/486238/100/0/threaded"
} },
} {
"name": "ADV-2008-0107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0107"
},
{
"name": "3537",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3537"
},
{
"name": "1019178",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019178"
},
{
"name": "28423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28423"
}
]
}
}

190
2008/0xxx/CVE-2008-0269.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0269", "ID": "CVE-2008-0269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "103188", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103188-1" "lang": "eng",
}, "value": "Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors."
{ }
"name" : "201513", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201513-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27260", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27260" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-0130", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/0130" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:5400", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5400" "name": "solaris-dotoprocs-dos(39631)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39631"
"name" : "1019186", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019186" "name": "103188",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103188-1"
"name" : "28491", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28491" "name": "1019186",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019186"
"name" : "solaris-dotoprocs-dos(39631)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39631" "name": "oval:org.mitre.oval:def:5400",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5400"
} },
} {
"name": "27260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27260"
},
{
"name": "ADV-2008-0130",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0130"
},
{
"name": "201513",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201513-1"
},
{
"name": "28491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28491"
}
]
}
}

170
2008/0xxx/CVE-2008-0375.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0375", "ID": "CVE-2008-0375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080117 [CSNC] OKI C5510MFP Printer Password Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486511/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors."
{ }
"name" : "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html", ]
"refsource" : "MISC", },
"url" : "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27339", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27339" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28553", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28553" ]
}, },
{ "references": {
"name" : "3569", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3569" "name": "27339",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27339"
"name" : "c5510mfp-password-security-bypass(39776)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39776" "name": "20080117 [CSNC] OKI C5510MFP Printer Password Disclosure",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/486511/100/0/threaded"
} },
} {
"name": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html",
"refsource": "MISC",
"url": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html"
},
{
"name": "c5510mfp-password-security-bypass(39776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39776"
},
{
"name": "28553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28553"
},
{
"name": "3569",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3569"
}
]
}
}

160
2008/0xxx/CVE-2008-0574.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0574", "ID": "CVE-2008-0574",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080130 Webspell 4.01.02 2 Vulnerabilites", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487312/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action."
{ }
"name" : "27517", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27517" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28684", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28684" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3606", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3606" ]
}, },
{ "references": {
"name" : "webspell-index-xss(40084)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40084" "name": "webspell-index-xss(40084)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40084"
} },
} {
"name": "20080130 Webspell 4.01.02 2 Vulnerabilites",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487312/100/0/threaded"
},
{
"name": "27517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27517"
},
{
"name": "3606",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3606"
},
{
"name": "28684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28684"
}
]
}
}

130
2008/0xxx/CVE-2008-0907.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0907", "ID": "CVE-2008-0907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5163", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5163" "lang": "eng",
}, "value": "SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter."
{ }
"name" : "27886", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27886" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27886"
},
{
"name": "5163",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5163"
}
]
}
}

190
2008/1xxx/CVE-2008-1208.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1208", "ID": "CVE-2008-1208",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080306 Checkpoint VPN-1 UTM Edge cross-site scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489203/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter."
{ }
"name" : "http://www.louhi.fi/advisory/checkpoint_080306.txt", ]
"refsource" : "MISC", },
"url" : "http://www.louhi.fi/advisory/checkpoint_080306.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34520", "description": [
"refsource" : "CONFIRM", {
"url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34520" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28116", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28116" ]
}, },
{ "references": {
"name" : "ADV-2008-0788", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0788" "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34520",
}, "refsource": "CONFIRM",
{ "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34520"
"name" : "1019554", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019554" "name": "http://www.louhi.fi/advisory/checkpoint_080306.txt",
}, "refsource": "MISC",
{ "url": "http://www.louhi.fi/advisory/checkpoint_080306.txt"
"name" : "29243", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29243" "name": "ADV-2008-0788",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0788"
"name" : "vpn1utmedge-login-xss(41032)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41032" "name": "1019554",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1019554"
} },
} {
"name": "29243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29243"
},
{
"name": "vpn1utmedge-login-xss(41032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41032"
},
{
"name": "28116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28116"
},
{
"name": "20080306 Checkpoint VPN-1 UTM Edge cross-site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489203/100/0/threaded"
}
]
}
}

130
2008/1xxx/CVE-2008-1370.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1370", "ID": "CVE-2008-1370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "28120", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28120" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "yapblog-index-file-include(41049)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41049" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yapblog-index-file-include(41049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41049"
},
{
"name": "28120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28120"
}
]
}
}

160
2008/1xxx/CVE-2008-1461.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1461", "ID": "CVE-2008-1461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080315 XNview 1.92.1 Long Filename Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489658/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker."
{ }
"name" : "http://www.click-internet.fr/index.php?cki=News&news=9", ]
"refsource" : "MISC", },
"url" : "http://www.click-internet.fr/index.php?cki=News&news=9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28259", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28259" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3761", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3761" ]
}, },
{ "references": {
"name" : "xnview-filename-bo(41245)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245" "name": "http://www.click-internet.fr/index.php?cki=News&news=9",
} "refsource": "MISC",
] "url": "http://www.click-internet.fr/index.php?cki=News&news=9"
} },
} {
"name": "28259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28259"
},
{
"name": "20080315 XNview 1.92.1 Long Filename Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489658/100/0/threaded"
},
{
"name": "3761",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3761"
},
{
"name": "xnview-filename-bo(41245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245"
}
]
}
}

150
2008/1xxx/CVE-2008-1696.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1696", "ID": "CVE-2008-1696",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5347", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5347" "lang": "eng",
}, "value": "Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter."
{ }
"name" : "28582", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28582" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29653", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29653" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "dazphpnews-makepost-file-include(41608)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41608" ]
} },
] "references": {
} "reference_data": [
} {
"name": "28582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28582"
},
{
"name": "dazphpnews-makepost-file-include(41608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41608"
},
{
"name": "29653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29653"
},
{
"name": "5347",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5347"
}
]
}
}

160
2008/1xxx/CVE-2008-1968.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1968", "ID": "CVE-2008-1968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080414 S21SEC-043-en:Cezanne SW Blind SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490843/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp."
{ }
"name" : "http://www.s21sec.com/avisos/s21sec-43-en.txt", ]
"refsource" : "MISC", },
"url" : "http://www.s21sec.com/avisos/s21sec-43-en.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28773", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28773" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3830", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3830" ]
}, },
{ "references": {
"name" : "cezanne-funid-sql-injection(41816)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41816" "name": "3830",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3830"
} },
} {
"name": "cezanne-funid-sql-injection(41816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41816"
},
{
"name": "http://www.s21sec.com/avisos/s21sec-43-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/avisos/s21sec-43-en.txt"
},
{
"name": "20080414 S21SEC-043-en:Cezanne SW Blind SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490843/100/0/threaded"
},
{
"name": "28773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28773"
}
]
}
}

240
2008/4xxx/CVE-2008-4020.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-4020", "ID": "CVE-2008-4020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02379", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a \"Content-Disposition: attachment\" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka \"Vulnerability in Content-Disposition Header Vulnerability.\""
{ }
"name" : "SSRT080143", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS08-056", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-288A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" ]
}, },
{ "references": {
"name" : "JVN#55410403", "reference_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN55410403/index.html" "name": "ADV-2008-2807",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2807"
"name" : "JVNDB-2008-000070", },
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html" "name": "32138",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32138"
"name" : "31693", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31693" "name": "office-cdo-xss(45546)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546"
"name" : "oval:org.mitre.oval:def:5969", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969" "name": "SSRT080143",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
"name" : "ADV-2008-2807", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2807" "name": "JVNDB-2008-000070",
}, "refsource": "JVNDB",
{ "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000070.html"
"name" : "1021045", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021045" "name": "MS08-056",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-056"
"name" : "32138", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32138" "name": "HPSBST02379",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
"name" : "office-cdo-xss(45546)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45546" "name": "win-ms08kb957699-update(45550)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550"
"name" : "win-ms08kb957699-update(45550)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45550" "name": "oval:org.mitre.oval:def:5969",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5969"
} },
} {
"name": "JVN#55410403",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55410403/index.html"
},
{
"name": "1021045",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021045"
},
{
"name": "31693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31693"
},
{
"name": "TA08-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
}
]
}
}

150
2008/4xxx/CVE-2008-4079.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4079", "ID": "CVE-2008-4079",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sixapart.jp/movabletype/news/2008/08/07-1445.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.sixapart.jp/movabletype/news/2008/08/07-1445.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://www.sixapart.jp/movabletype/news/2008/08/28-1500.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sixapart.jp/movabletype/news/2008/08/28-1500.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#30385652", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN30385652/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31073", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31073" ]
} },
] "references": {
} "reference_data": [
} {
"name": "JVN#30385652",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN30385652/index.html"
},
{
"name": "31073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31073"
},
{
"name": "http://www.sixapart.jp/movabletype/news/2008/08/07-1445.html",
"refsource": "CONFIRM",
"url": "http://www.sixapart.jp/movabletype/news/2008/08/07-1445.html"
},
{
"name": "http://www.sixapart.jp/movabletype/news/2008/08/28-1500.html",
"refsource": "CONFIRM",
"url": "http://www.sixapart.jp/movabletype/news/2008/08/28-1500.html"
}
]
}
}

170
2008/4xxx/CVE-2008-4120.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4120", "ID": "CVE-2008-4120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080925 Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496740/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php."
{ }
"name" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-4120-flatpress.html", ]
"refsource" : "MISC", },
"url" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-4120-flatpress.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.flatpress.org/home/comments.php?entry=entry080925-180744", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.flatpress.org/home/comments.php?entry=entry080925-180744" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/project/shownotes.php?group_id=157089&release_id=628765_id=628765", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/project/shownotes.php?group_id=157089&release_id=628765_id=628765" ]
}, },
{ "references": {
"name" : "31407", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31407" "name": "http://www.flatpress.org/home/comments.php?entry=entry080925-180744",
}, "refsource": "CONFIRM",
{ "url": "http://www.flatpress.org/home/comments.php?entry=entry080925-180744"
"name" : "4324", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4324" "name": "20080925 Cross Site Scripting (XSS) Vulnerabilitiy in flatpress 0.804, CVE-2008-4120",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/496740/100/0/threaded"
} },
} {
"name": "31407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31407"
},
{
"name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-4120-flatpress.html",
"refsource": "MISC",
"url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-4120-flatpress.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=157089&release_id=628765_id=628765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=157089&release_id=628765_id=628765"
},
{
"name": "4324",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4324"
}
]
}
}

150
2008/4xxx/CVE-2008-4664.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4664", "ID": "CVE-2008-4664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information."
{ }
"name" : "27271", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27271" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28494", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28494" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "qvodplayer-activex-bo(39675)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39675" ]
} },
] "references": {
} "reference_data": [
} {
"name": "27271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27271"
},
{
"name": "28494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28494"
},
{
"name": "qvodplayer-activex-bo(39675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39675"
},
{
"name": "http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html",
"refsource": "MISC",
"url": "http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html"
}
]
}
}

170
2008/4xxx/CVE-2008-4733.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4733", "ID": "CVE-2008-4733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081014 WP Comment Remix 1.4.3 Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/497313/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9) tagheaderlabel parameters."
{ }
"name" : "http://chxsecurity.org/advisories/adv-3-full.txt", ]
"refsource" : "MISC", },
"url" : "http://chxsecurity.org/advisories/adv-3-full.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31750", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31750" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32253", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32253" ]
}, },
{ "references": {
"name" : "4492", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4492" "name": "32253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32253"
"name" : "wpcommentremix-wpcommentremix-xss(45861)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45861" "name": "20081014 WP Comment Remix 1.4.3 Multiple Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/497313/100/0/threaded"
} },
} {
"name": "31750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31750"
},
{
"name": "wpcommentremix-wpcommentremix-xss(45861)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45861"
},
{
"name": "4492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4492"
},
{
"name": "http://chxsecurity.org/advisories/adv-3-full.txt",
"refsource": "MISC",
"url": "http://chxsecurity.org/advisories/adv-3-full.txt"
}
]
}
}

230
2008/4xxx/CVE-2008-4987.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4987", "ID": "CVE-2008-4987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" "lang": "eng",
}, "value": "xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts."
{ }
"name" : "http://uvw.ru/report.lenny.txt", ]
"refsource" : "MISC", },
"url" : "http://uvw.ru/report.lenny.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/496383", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/496383" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/xastir", ]
"refsource" : "CONFIRM", }
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/xastir" ]
}, },
{ "references": {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" "name": "31771",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31771"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=460429", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=460429" "name": "xastir-getmaptools-getshapelib-symlink(44920)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44920"
"name" : "FEDORA-2008-7269", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html" "name": "FEDORA-2008-7541",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html"
"name" : "FEDORA-2008-7541", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html" "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
"name" : "31030", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31030" "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
"name" : "31677", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31677" "name": "http://bugs.debian.org/496383",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/496383"
"name" : "31771", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31771" "name": "31030",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31030"
"name" : "xastir-getmaptools-getshapelib-symlink(44920)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44920" "name": "FEDORA-2008-7269",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html"
} },
} {
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=460429",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460429"
},
{
"name": "31677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31677"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/xastir",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/xastir"
}
]
}
}

200
2008/5xxx/CVE-2008-5384.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5384", "ID": "CVE-2008-5384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc" "lang": "eng",
}, "value": "crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor."
{ }
"name" : "IZ30248", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IZ34478", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34478" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IZ34783", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34783" ]
}, },
{ "references": {
"name" : "32493", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32493" "name": "32916",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32916"
"name" : "50218", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50218" "name": "IZ30248",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248"
"name" : "oval:org.mitre.oval:def:5612", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5612" "name": "IZ34783",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34783"
"name" : "1021291", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021291" "name": "1021291",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021291"
"name" : "32916", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32916" "name": "IZ34478",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34478"
} },
} {
"name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:5612",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5612"
},
{
"name": "32493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32493"
},
{
"name": "50218",
"refsource": "OSVDB",
"url": "http://osvdb.org/50218"
}
]
}
}

220
2013/2xxx/CVE-2013-2478.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2478", "ID": "CVE-2013-2478",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\\0' characters in a string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-ms-mms.c?r1=47981&r2=47980&pathrev=47981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-ms-mms.c?r1=47981&r2=47980&pathrev=47981" "lang": "eng",
}, "value": "The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\\0' characters in a string."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47981", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47981" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" ]
}, },
{ "references": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-13.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-13.html" "name": "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-ms-mms.c?r1=47981&r2=47980&pathrev=47981",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-ms-mms.c?r1=47981&r2=47980&pathrev=47981"
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382", },
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html"
"name" : "DSA-2644", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2644" "name": "openSUSE-SU-2013:0494",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html"
"name" : "openSUSE-SU-2013:0494", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" "name": "http://www.wireshark.org/security/wnpa-sec-2013-13.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2013-13.html"
"name" : "openSUSE-SU-2013:0506", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" "name": "52471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52471"
"name" : "oval:org.mitre.oval:def:16447", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16447" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html"
"name" : "52471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52471" "name": "openSUSE-SU-2013:0506",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html"
} },
} {
"name": "oval:org.mitre.oval:def:16447",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16447"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47981",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47981"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382"
},
{
"name": "DSA-2644",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2644"
}
]
}
}

130
2013/2xxx/CVE-2013-2820.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-2820", "ID": "CVE-2013-2820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A" "lang": "eng",
}, "value": "The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388."
{ }
"name" : "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf",
"refsource": "CONFIRM",
"url": "http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-007-01A"
}
]
}
}

150
2013/2xxx/CVE-2013-2846.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2846", "ID": "CVE-2013-2846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=177620", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=177620" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2695", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2695" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15805", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15805" ]
} },
] "references": {
} "reference_data": [
} {
"name": "oval:org.mitre.oval:def:15805",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15805"
},
{
"name": "DSA-2695",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2695"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=177620",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=177620"
}
]
}
}

34
2013/3xxx/CVE-2013-3680.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3680", "ID": "CVE-2013-3680",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/3xxx/CVE-2013-3828.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-3828", "ID": "CVE-2013-3828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page."
{ }
"name" : "1029190", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1029190" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
}
]
}
}

120
2013/3xxx/CVE-2013-3903.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3903", "ID": "CVE-2013-3903",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-101", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101" "lang": "eng",
} "value": "Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-101",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-101"
}
]
}
}

34
2013/4xxx/CVE-2013-4145.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-4145", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-4145",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2013/4xxx/CVE-2013-4251.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4251", "ID": "CVE-2013-4251",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2013/4xxx/CVE-2013-4559.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4559", "ID": "CVE-2013-4559",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/11/12/4" "lang": "eng",
}, "value": "lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached."
{ }
"name" : "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2795", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2013/dsa-2795" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBGN03191", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=141576815022399&w=2" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2014:0072", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html" "name": "55682",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55682"
"name" : "55682", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55682" "name": "HPSBGN03191",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2"
} },
} {
"name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt",
"refsource": "CONFIRM",
"url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt"
},
{
"name": "openSUSE-SU-2014:0072",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html"
},
{
"name": "DSA-2795",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2013/dsa-2795"
},
{
"name": "[oss-security] 20131112 Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/12/4"
}
]
}
}

140
2013/6xxx/CVE-2013-6711.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-6711", "ID": "CVE-2013-6711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32156", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32156" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540."
{ }
"name" : "20131212 Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6711" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1029493", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029493" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32156",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32156"
},
{
"name": "20131212 Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6711"
},
{
"name": "1029493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029493"
}
]
}
}

160
2013/6xxx/CVE-2013-6979.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-6979", "ID": "CVE-2013-6979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131223 Cisco IOS XE Software Telnet Authentication Bypass Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6979" "lang": "eng",
}, "value": "The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227."
{ }
"name" : "64502", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/64502" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101351", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/101351" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029537", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029537" ]
}, },
{ "references": {
"name" : "cisco-iosxe-cve20136979-sec-bypass(89901)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89901" "name": "cisco-iosxe-cve20136979-sec-bypass(89901)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89901"
} },
} {
"name": "1029537",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029537"
},
{
"name": "101351",
"refsource": "OSVDB",
"url": "http://osvdb.org/101351"
},
{
"name": "64502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64502"
},
{
"name": "20131223 Cisco IOS XE Software Telnet Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6979"
}
]
}
}

34
2013/7xxx/CVE-2013-7131.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7131", "ID": "CVE-2013-7131",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2013/7xxx/CVE-2013-7402.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7402", "ID": "CVE-2013-7402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140915 Re: CVE assignment for c-icap Server", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q3/603" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request."
{ }
"name" : "http://sourceforge.net/p/c-icap/code/1018/", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/p/c-icap/code/1018/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://advisories.mageia.org/MGASA-2014-0530.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2014-0530.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3101", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-3101" ]
}, },
{ "references": {
"name" : "MDVSA-2015:001", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:001" "name": "61444",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61444"
"name" : "61381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61381" "name": "DSA-3101",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3101"
"name" : "61444", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61444" "name": "61381",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/61381"
} },
} {
"name": "http://sourceforge.net/p/c-icap/code/1018/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/c-icap/code/1018/"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0530.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0530.html"
},
{
"name": "[oss-security] 20140915 Re: CVE assignment for c-icap Server",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/603"
},
{
"name": "MDVSA-2015:001",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:001"
}
]
}
}

140
2017/10xxx/CVE-2017-10375.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10375", "ID": "CVE-2017-10375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Guest Access", "product_name": "Hospitality Guest Access",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "4.2.0" "version_value": "4.2.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "4.2.1" "version_value": "4.2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)."
{ }
"name" : "101434", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101434" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101434"
}
]
}
}

34
2017/10xxx/CVE-2017-10430.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10430", "ID": "CVE-2017-10430",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2017/13xxx/CVE-2017-13031.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13031", "ID": "CVE-2017-13031",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tcpdump.org/tcpdump-changes.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tcpdump.org/tcpdump-changes.txt" "lang": "eng",
}, "value": "The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print()."
{ }
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/2d669862df7cd17f539129049f6fb70d17174125", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/2d669862df7cd17f539129049f6fb70d17174125" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208221", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3971", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3971" ]
}, },
{ "references": {
"name" : "GLSA-201709-23", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-23" "name": "GLSA-201709-23",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-23"
"name" : "RHEA-2018:0705", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "1039307", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039307" "name": "DSA-3971",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3971"
} },
} {
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/2d669862df7cd17f539129049f6fb70d17174125",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/2d669862df7cd17f539129049f6fb70d17174125"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

128
2017/13xxx/CVE-2017-13300.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2017-13300", "ID": "CVE-2017-13300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
} "value": "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}

34
2017/13xxx/CVE-2017-13963.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13963", "ID": "CVE-2017-13963",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/17xxx/CVE-2017-17300.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17300", "ID": "CVE-2017-17300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "S12700,S5700,S6700,S7700,S9700", "product_name": "S12700,S5700,S6700,S7700,S9700",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00" "version_value": "S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "numeric errors"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en" "lang": "eng",
} "value": "Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "numeric errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en"
}
]
}
}

120
2017/17xxx/CVE-2017-17472.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17472", "ID": "CVE-2017-17472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82730030."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730030", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730030" "lang": "eng",
} "value": "TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\\\.\\Viragtlt DeviceIoControl request of 0x82730030."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730030",
"refsource": "MISC",
"url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x82730030"
}
]
}
}

34
2017/17xxx/CVE-2017-17667.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17667", "ID": "CVE-2017-17667",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/17xxx/CVE-2017-17788.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17788", "ID": "CVE-2017-17788",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\\0' character after the version string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html" "lang": "eng",
}, "value": "In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\\0' character after the version string."
{ }
"name" : "http://www.openwall.com/lists/oss-security/2017/12/19/5", ]
"refsource" : "MISC", },
"url" : "http://www.openwall.com/lists/oss-security/2017/12/19/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=790783", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=790783" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4077", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2017/dsa-4077" ]
}, },
{ "references": {
"name" : "USN-3539-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3539-1/" "name": "DSA-4077",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2017/dsa-4077"
} },
} {
"name": "USN-3539-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3539-1/"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=790783",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=790783"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/12/19/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/12/19/5"
},
{
"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html"
}
]
}
}

120
2017/17xxx/CVE-2017-17869.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17869", "ID": "CVE-2017-17869",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cxsecurity.com/issue/WLB-2017120183", "description_data": [
"refsource" : "MISC", {
"url" : "https://cxsecurity.com/issue/WLB-2017120183" "lang": "eng",
} "value": "The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cxsecurity.com/issue/WLB-2017120183",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017120183"
}
]
}
}

34
2017/17xxx/CVE-2017-17943.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17943", "ID": "CVE-2017-17943",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/9xxx/CVE-2017-9051.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9051", "ID": "CVE-2017-9051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1039", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1039" "lang": "eng",
}, "value": "libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c."
{ }
"name" : "https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24", ]
"refsource" : "MISC", },
"url" : "https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98548", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98548" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1039",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1039"
},
{
"name": "98548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98548"
},
{
"name": "https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24",
"refsource": "MISC",
"url": "https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24"
}
]
}
}

120
2017/9xxx/CVE-2017-9574.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9574", "ID": "CVE-2017-9574",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"KC Area Credit Union Mobile Banking\" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" "lang": "eng",
} "value": "The \"KC Area Credit Union Mobile Banking\" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}
}

132
2017/9xxx/CVE-2017-9961.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2017-08-01T00:00:00", "DATE_PUBLIC": "2017-08-01T00:00:00",
"ID" : "CVE-2017-9961", "ID": "CVE-2017-9961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ProFace GP-Pro EX", "product_name": "ProFace GP-Pro EX",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 4.07.000" "version_value": "version 4.07.000"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/" "lang": "eng",
}, "value": "A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process."
{ }
"name" : "100114", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100114" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100114"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-195-01/"
}
]
}
}

178
2018/0xxx/CVE-2018-0282.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800", "DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-0282", "ID": "CVE-2018-0282",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability" "TITLE": "Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS ", "product_name": "Cisco IOS ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.8",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-371"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20190109 Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tcp" "lang": "eng",
}, "value": "A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device."
{ }
"name" : "106510", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106510" "exploit": [
} {
] "lang": "eng",
}, "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"source" : { }
"advisory" : "cisco-sa-20190109-tcp", ],
"defect" : [ "impact": {
[ "cvss": {
"CSCvg39082" "baseScore": "6.8",
] "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ",
], "version": "3.0"
"discovery" : "INTERNAL" }
} },
} "problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-371"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106510"
},
{
"name": "20190109 Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tcp"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-tcp",
"defect": [
[
"CSCvg39082"
]
],
"discovery": "INTERNAL"
}
}

34
2018/0xxx/CVE-2018-0478.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-0478", "ID": "CVE-2018-0478",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2018/0xxx/CVE-2018-0798.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00", "DATE_PUBLIC": "2018-01-09T00:00:00",
"ID" : "CVE-2018-0798", "ID": "CVE-2018-0798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Equation Editor", "product_name": "Equation Editor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" "version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html" "lang": "eng",
}, "value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\"."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102370", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102370" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1040153", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040153" ]
} },
] "references": {
} "reference_data": [
} {
"name": "102370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102370"
},
{
"name": "1040153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040153"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798"
},
{
"name": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html"
}
]
}
}

264
2018/0xxx/CVE-2018-0957.json
View File

@ -1,134 +1,134 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-0957", "ID": "CVE-2018-0957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 1511 for x64-based Systems" "version_value": "Version 1511 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957" "lang": "eng",
}, "value": "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964."
{ }
"name" : "103628", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103628" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040662", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040662" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957"
},
{
"name": "1040662",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040662"
},
{
"name": "103628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103628"
}
]
}
}

130
2018/19xxx/CVE-2018-19205.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19205", "ID": "CVE-2018-19205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/roundcube/roundcubemail/releases/tag/1.3.7", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/roundcube/roundcubemail/releases/tag/1.3.7" "lang": "eng",
}, "value": "Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php."
{ }
"name" : "https://roundcube.net/news/2018/07/27/update-1.3.7-released", ]
"refsource" : "MISC", },
"url" : "https://roundcube.net/news/2018/07/27/update-1.3.7-released" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://roundcube.net/news/2018/07/27/update-1.3.7-released",
"refsource": "MISC",
"url": "https://roundcube.net/news/2018/07/27/update-1.3.7-released"
},
{
"name": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.7",
"refsource": "MISC",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.7"
}
]
}
}

34
2018/19xxx/CVE-2018-19338.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19338", "ID": "CVE-2018-19338",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/19xxx/CVE-2018-19353.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19353", "ID": "CVE-2018-19353",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-libansilove-1.0.0", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-libansilove-1.0.0" "lang": "eng",
}, "value": "The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file."
{ }
"name" : "https://github.com/ansilove/libansilove/issues/4", ]
"refsource" : "MISC", },
"url" : "https://github.com/ansilove/libansilove/issues/4" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ansilove/libansilove/issues/4",
"refsource": "MISC",
"url": "https://github.com/ansilove/libansilove/issues/4"
},
{
"name": "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-libansilove-1.0.0",
"refsource": "MISC",
"url": "https://github.com/CCCCCrash/POCs/tree/master/Bin/Tools-libansilove-1.0.0"
}
]
}
}

34
2018/19xxx/CVE-2018-19429.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19429", "ID": "CVE-2018-19429",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2018/19xxx/CVE-2018-19475.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19475", "ID": "CVE-2018-19475",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html" "lang": "eng",
}, "value": "psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same."
{ }
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e", ]
"refsource" : "MISC", },
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315", "description": [
"refsource" : "MISC", {
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=700153", ]
"refsource" : "MISC", }
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=700153" ]
}, },
{ "references": {
"name" : "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26" "name": "DSA-4346",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4346"
"name" : "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf", },
"refsource" : "MISC", {
"url" : "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf" "name": "RHSA-2019:0229",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2019:0229"
"name" : "DSA-4346", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4346" "name": "USN-3831-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3831-1/"
"name" : "RHSA-2019:0229", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0229" "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e",
}, "refsource": "MISC",
{ "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e"
"name" : "USN-3831-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3831-1/" "name": "https://bugs.ghostscript.com/show_bug.cgi?id=700153",
}, "refsource": "MISC",
{ "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700153"
"name" : "106154", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106154" "name": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf",
} "refsource": "MISC",
] "url": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf"
} },
} {
"name": "106154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106154"
},
{
"name": "[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html"
},
{
"name": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26",
"refsource": "MISC",
"url": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315"
}
]
}
}

192
2018/1xxx/CVE-2018-1059.json
View File

@ -1,98 +1,98 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2018-04-23T00:00:00", "DATE_PUBLIC": "2018-04-23T00:00:00",
"ID" : "CVE-2018-1059", "ID": "CVE-2018-1059",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DPDK", "product_name": "DPDK",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 18.02.1" "version_value": "before 18.02.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat, Inc." "vendor_name": "Red Hat, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://access.redhat.com/security/cve/cve-2018-1059", "description_data": [
"refsource" : "MISC", {
"url" : "https://access.redhat.com/security/cve/cve-2018-1059" "lang": "eng",
}, "value": "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1544298" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:1267", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1267" "lang": "eng",
}, "value": "CWE-200"
{ }
"name" : "RHSA-2018:2038", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:2038" ]
}, },
{ "references": {
"name" : "RHSA-2018:2102", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2102" "name": "RHSA-2018:2524",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2524"
"name" : "RHSA-2018:2524", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2524" "name": "RHSA-2018:2102",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2102"
"name" : "USN-3642-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3642-1/" "name": "https://access.redhat.com/security/cve/cve-2018-1059",
}, "refsource": "MISC",
{ "url": "https://access.redhat.com/security/cve/cve-2018-1059"
"name" : "USN-3642-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3642-2/" "name": "USN-3642-2",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3642-2/"
} },
} {
"name": "RHSA-2018:2038",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2038"
},
{
"name": "USN-3642-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3642-1/"
},
{
"name": "RHSA-2018:1267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1267"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544298"
}
]
}
}

172
2018/1xxx/CVE-2018-1525.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-05T00:00:00", "DATE_PUBLIC": "2018-12-05T00:00:00",
"ID" : "CVE-2018-1525", "ID": "CVE-2018-1525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "i2 Enterprise Insight Analysis", "product_name": "i2 Enterprise Insight Analysis",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1.7" "version_value": "2.1.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10738699", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10738699" "lang": "eng",
}, "value": "IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117."
{ }
"name" : "ibm-i2-cve20181525-info-disc(142117)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142117" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.900",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10738699",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10738699"
},
{
"name": "ibm-i2-cve20181525-info-disc(142117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142117"
}
]
}
}

34
2018/1xxx/CVE-2018-1807.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1807", "ID": "CVE-2018-1807",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

172
2018/1xxx/CVE-2018-1877.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-30T00:00:00", "DATE_PUBLIC": "2018-10-30T00:00:00",
"ID" : "CVE-2018-1877", "ID": "CVE-2018-1877",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Robotic Process Automation with Automation Anywhere", "product_name": "Robotic Process Automation with Automation Anywhere",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11" "version_value": "11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "6.200",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735973" "lang": "eng",
}, "value": "IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. IBM X-Force ID: 151713."
{ }
"name" : "ibm-rpa-cve20181877-info-disc(151713)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151713" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "6.200",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10735973",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10735973"
},
{
"name": "ibm-rpa-cve20181877-info-disc(151713)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151713"
}
]
}
}