admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:38:58 +00:00
parent 642f9cfbdb
commit bbe2897f03
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3310 additions and 3292 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2008/0xxx/CVE-2008-0374.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0374",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0374",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777."
"lang": "eng",
"value": "OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080117 [CSNC] OKI C5510MFP Printer Password Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486511/100/0/threaded"
"name": "27339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27339"
},
{
"name" : "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html",
"refsource" : "MISC",
"url" : "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html"
"name": "20080117 [CSNC] OKI C5510MFP Printer Password Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486511/100/0/threaded"
},
{
"name" : "27339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27339"
"name": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html",
"refsource": "MISC",
"url": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html"
},
{
"name" : "28553",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28553"
"name": "28553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28553"
},
{
"name" : "3569",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3569"
"name": "c5510mfp-configuration-info-disclosure(39775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39775"
},
{
"name" : "c5510mfp-configuration-info-disclosure(39775)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39775"
"name": "3569",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3569"
}
]
}

80
2008/0xxx/CVE-2008-0501.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0501",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0501",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI."
"lang": "eng",
"value": "Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5000",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5000"
"name": "5000",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5000"
},
{
"name" : "27480",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27480"
"name": "27480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27480"
},
{
"name" : "ADV-2008-0350",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0350"
"name": "ADV-2008-0350",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0350"
},
{
"name" : "phpmyclub-pagecourante-file-include(40007)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40007"
"name": "phpmyclub-pagecourante-file-include(40007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40007"
}
]
}

80
2008/0xxx/CVE-2008-0542.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0542",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0542",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "4989",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4989"
"name": "28681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28681"
},
{
"name" : "27463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27463"
"name": "simpleforum-thumbnail-directory-traversal(39980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39980"
},
{
"name" : "28681",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28681"
"name": "4989",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4989"
},
{
"name" : "simpleforum-thumbnail-directory-traversal(39980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39980"
"name": "27463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27463"
}
]
}

74
2008/0xxx/CVE-2008-0810.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0810",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0810",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080216 joomla SQL Injection( com_scheduling)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488269/100/0/threaded"
"name": "3662",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3662"
},
{
"name" : "27830",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27830"
"name": "27830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27830"
},
{
"name" : "3662",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3662"
"name": "20080216 joomla SQL Injection( com_scheduling)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488269/100/0/threaded"
}
]
}

74
2008/1xxx/CVE-2008-1165.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1165",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1165",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action in index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://flyspray.org/fsa:3",
"refsource" : "CONFIRM",
"url" : "http://flyspray.org/fsa:3"
"name": "http://flyspray.org/fsa:3",
"refsource": "CONFIRM",
"url": "http://flyspray.org/fsa:3"
},
{
"name" : "29215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29215"
"name": "29215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29215"
},
{
"name" : "flyspray-itemsummary-xss(40963)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"
"name": "flyspray-itemsummary-xss(40963)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40963"
}
]
}

74
2008/3xxx/CVE-2008-3667.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3667",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3667",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header."
"lang": "eng",
"value": "Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl"
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30617-poc.pl"
},
{
"name" : "30617",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30617"
"name": "30617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30617"
},
{
"name" : "maxthonbrowser-contenttype-bo(44381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44381"
"name": "maxthonbrowser-contenttype-bo(44381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44381"
}
]
}

266
2008/3xxx/CVE-2008-3790.json
View File

@ -1,231 +1,231 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3790",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3790",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\""
"lang": "eng",
"value": "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20080825 CVE Request (ruby)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/25/4"
"name": "USN-651-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/651-1/"
},
{
"name" : "[oss-security] 20080826 Re: CVE Request (ruby)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/26/1"
"name": "33185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33185"
},
{
"name" : "[oss-security] 20080826 Re: CVE Request (ruby)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/26/4"
"name": "oval:org.mitre.oval:def:10393",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393"
},
{
"name" : "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca"
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name" : "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/"
"name": "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb"
},
{
"name" : "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb"
"name": "1020735",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020735"
},
{
"name" : "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release",
"refsource" : "CONFIRM",
"url" : "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release"
"name": "DSA-1652",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1652"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
"name": "FEDORA-2008-8736",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
},
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
"name": "ADV-2008-2428",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2428"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
"name": "ruby-rexml-dos(44628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628"
},
{
"name" : "DSA-1651",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1651"
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name" : "DSA-1652",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1652"
"name": "[oss-security] 20080826 Re: CVE Request (ruby)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/26/4"
},
{
"name" : "FEDORA-2008-8736",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
"name": "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release"
},
{
"name" : "FEDORA-2008-8738",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
},
{
"name" : "GLSA-200812-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml"
"name": "DSA-1651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1651"
},
{
"name" : "RHSA-2008:0897",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "USN-691-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/691-1/"
"name": "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/"
},
{
"name" : "USN-651-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/651-1/"
"name": "RHSA-2008:0897",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
"name": "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca",
"refsource": "MISC",
"url": "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca"
},
{
"name" : "30802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30802"
"name": "[oss-security] 20080825 CVE Request (ruby)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/25/4"
},
{
"name" : "oval:org.mitre.oval:def:10393",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393"
"name": "32219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32219"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "ADV-2008-2483",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2483"
"name": "32255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32255"
},
{
"name" : "ADV-2008-2428",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2428"
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name" : "1020735",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020735"
"name": "30802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30802"
},
{
"name" : "31602",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31602"
"name": "USN-691-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/691-1/"
},
{
"name" : "32255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32255"
"name": "[oss-security] 20080826 Re: CVE Request (ruby)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/26/1"
},
{
"name" : "32256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32256"
"name": "32371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32371"
},
{
"name" : "33178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33178"
"name": "32165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32165"
},
{
"name" : "33185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33185"
"name": "GLSA-200812-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name" : "32165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32165"
"name": "33178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33178"
},
{
"name" : "32219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32219"
"name": "FEDORA-2008-8738",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
},
{
"name" : "32371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32371"
"name": "32256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32256"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
"name": "31602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31602"
},
{
"name" : "ruby-rexml-dos(44628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628"
"name": "ADV-2008-2483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2483"
}
]
}

86
2008/4xxx/CVE-2008-4031.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4031",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-4031",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\""
"lang": "eng",
"value": "Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka \"Word RTF Object Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS08-072",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
"name": "oval:org.mitre.oval:def:5952",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952"
},
{
"name" : "TA08-344A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
"name": "MS08-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
},
{
"name" : "oval:org.mitre.oval:def:5952",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5952"
"name": "1021370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021370"
},
{
"name" : "ADV-2008-3384",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3384"
"name": "TA08-344A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name" : "1021370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021370"
"name": "ADV-2008-3384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3384"
}
]
}

128
2008/4xxx/CVE-2008-4211.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4211",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4211",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to \"handling of columns.\""
"lang": "eng",
"value": "Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to \"handling of columns.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT3216",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3216"
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name" : "http://support.apple.com/kb/HT3318",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3318"
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name" : "APPLE-SA-2008-10-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
"name": "macosx-quicklook2-code-execution(45784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45784"
},
{
"name" : "APPLE-SA-2008-11-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name" : "31681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31681"
"name": "31707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31707"
},
{
"name" : "31707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31707"
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name" : "ADV-2008-2780",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2780"
"name": "1021027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021027"
},
{
"name" : "ADV-2008-3232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3232"
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name" : "1021027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021027"
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name" : "32222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32222"
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name" : "32756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32756"
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name" : "macosx-quicklook2-code-execution(45784)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45784"
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}

22
2008/4xxx/CVE-2008-4257.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4257",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-4257",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}

98
2008/4xxx/CVE-2008-4415.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4415",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4415",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBMA02385",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=122652356130271&w=2"
"name": "SSRT080161",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=122652356130271&w=2"
},
{
"name" : "SSRT080161",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=122652356130271&w=2"
"name": "32272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32272"
},
{
"name" : "32272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32272"
"name": "32712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32712"
},
{
"name" : "49831",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49831"
"name": "HPSBMA02385",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=122652356130271&w=2"
},
{
"name" : "1021171",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021171"
"name": "1021171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021171"
},
{
"name" : "32712",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32712"
"name": "4601",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4601"
},
{
"name" : "4601",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4601"
"name": "49831",
"refsource": "OSVDB",
"url": "http://osvdb.org/49831"
}
]
}

68
2013/2xxx/CVE-2013-2292.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2292",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2292",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
"lang": "eng",
"value": "bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to cause a denial of service (electricity consumption) by mining a block to create a nonstandard Bitcoin transaction containing multiple OP_CHECKSIG script opcodes."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bitcointalk.org/?topic=140078",
"refsource" : "CONFIRM",
"url" : "https://bitcointalk.org/?topic=140078"
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
},
{
"name" : "https://en.bitcoin.it/wiki/CVEs",
"refsource" : "CONFIRM",
"url" : "https://en.bitcoin.it/wiki/CVEs"
"name": "https://bitcointalk.org/?topic=140078",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/?topic=140078"
}
]
}

80
2013/2xxx/CVE-2013-2837.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2837",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2837",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
"lang": "eng",
"value": "Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
"name": "https://code.google.com/p/chromium/issues/detail?id=235638",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=235638"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=235638",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=235638"
"name": "DSA-2695",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2695"
},
{
"name" : "DSA-2695",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2695"
"name": "oval:org.mitre.oval:def:16250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16250"
},
{
"name" : "oval:org.mitre.oval:def:16250",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16250"
"name": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
}
]
}

104
2013/2xxx/CVE-2013-2848.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2848",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2848",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors."
"lang": "eng",
"value": "The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
"name": "DSA-2695",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2695"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=176137",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=176137"
"name": "oval:org.mitre.oval:def:15849",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15849"
},
{
"name" : "http://support.apple.com/kb/HT5934",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5934"
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name" : "APPLE-SA-2013-09-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name" : "APPLE-SA-2013-10-22-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name" : "DSA-2695",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2695"
"name": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html"
},
{
"name" : "oval:org.mitre.oval:def:15849",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15849"
"name": "https://code.google.com/p/chromium/issues/detail?id=176137",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=176137"
},
{
"name" : "54886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54886"
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}

80
2013/3xxx/CVE-2013-3499.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3499",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3499",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header."
"lang": "eng",
"value": "GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls",
"refsource" : "MISC",
"url" : "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls"
"name": "58404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58404"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt"
"name": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls",
"refsource": "MISC",
"url": "https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls"
},
{
"name" : "VU#345260",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/345260"
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt"
},
{
"name" : "58404",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58404"
"name": "VU#345260",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/345260"
}
]
}

80
2013/3xxx/CVE-2013-3897.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3897",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3897",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka \"Internet Explorer Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx"
"name": "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2013/10/08/ms13-080-addresses-two-vulnerabilities-under-limited-targeted-attacks.aspx"
},
{
"name" : "MS13-080",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080"
"name": "TA13-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
},
{
"name" : "TA13-288A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-288A"
"name": "MS13-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080"
},
{
"name" : "oval:org.mitre.oval:def:18989",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18989"
"name": "oval:org.mitre.oval:def:18989",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18989"
}
]
}

22
2013/6xxx/CVE-2013-6152.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6152",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6152",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

80
2013/6xxx/CVE-2013-6815.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6815",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6815",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue."
"lang": "eng",
"value": "The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/"
"name": "https://service.sap.com/sap/support/notes/1890819",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1890819"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
"name": "55620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55620"
},
{
"name" : "https://service.sap.com/sap/support/notes/1890819",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1890819"
"name": "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/"
},
{
"name" : "55620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55620"
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
}
]
}

92
2013/7xxx/CVE-2013-7094.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7094",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7094",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/"
"name": "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection/"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
"name": "https://service.sap.com/sap/support/notes/1836718",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1836718"
},
{
"name" : "https://service.sap.com/sap/support/notes/1836718",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1836718"
"name": "netweaver-rsddcvercounttabcols-sql-inject(89603)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89603"
},
{
"name" : "64232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64232"
"name": "56061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56061"
},
{
"name" : "56061",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56061"
"name": "64232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64232"
},
{
"name" : "netweaver-rsddcvercounttabcols-sql-inject(89603)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89603"
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
}
]
}

22
2013/7xxx/CVE-2013-7171.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7171",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7171",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

138
2017/10xxx/CVE-2017-10081.json
View File

@ -1,125 +1,125 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10081",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10081",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Java",
"version" : {
"version_data" : [
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u151"
"version_affected": "=",
"version_value": "Java SE: 6u151"
},
{
"version_affected" : "=",
"version_value" : "7u141"
"version_affected": "=",
"version_value": "7u141"
},
{
"version_affected" : "=",
"version_value" : "8u131; Java SE Embedded: 8u131"
"version_affected": "=",
"version_value": "8u131; Java SE Embedded: 8u131"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "RHSA-2017:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1791"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20170720-0001/"
"name": "RHSA-2017:1790",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1790"
},
{
"name" : "DSA-3919",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3919"
"name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
},
{
"name" : "DSA-3954",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3954"
"name": "RHSA-2017:1789",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1789"
},
{
"name" : "GLSA-201709-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-22"
"name": "RHSA-2017:2424",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2424"
},
{
"name" : "RHSA-2017:1789",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1789"
"name": "1038931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038931"
},
{
"name" : "RHSA-2017:1790",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1790"
"name": "99853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99853"
},
{
"name" : "RHSA-2017:1791",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1791"
"name": "RHSA-2017:1792",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1792"
},
{
"name" : "RHSA-2017:1792",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1792"
"name": "GLSA-201709-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-22"
},
{
"name" : "RHSA-2017:2424",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2424"
"name": "DSA-3919",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3919"
},
{
"name" : "99853",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99853"
"name": "DSA-3954",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3954"
},
{
"name" : "1038931",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038931"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

100
2017/10xxx/CVE-2017-10175.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10175",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10175",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "iSupport",
"version" : {
"version_data" : [
"product_name": "iSupport",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.1"
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
"version_affected": "=",
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupport accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "99717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99717"
},
{
"name" : "99717",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99717"
"name": "1038926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038926"
},
{
"name" : "1038926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038926"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

84
2017/10xxx/CVE-2017-10394.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10394",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10394",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "8.54"
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "1039598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039598"
},
{
"name" : "101474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101474"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "1039598",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039598"
"name": "101474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101474"
}
]
}

22
2017/10xxx/CVE-2017-10527.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10527",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10527",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2017/10xxx/CVE-2017-10775.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10775",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10775",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\""
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
}
]
}

64
2017/14xxx/CVE-2017-14460.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00",
"ID" : "CVE-2017-14460",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-14460",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Parity",
"version" : {
"version_data" : [
"product_name": "Parity",
"version": {
"version_data": [
{
"version_value" : "Parity 1.7.8"
"version_value": "Parity 1.7.8"
}
]
}
}
]
},
"vendor_name" : "Talos"
"vendor_name": "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability."
"lang": "eng",
"value": "An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "cross-domain"
"lang": "eng",
"value": "cross-domain"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508"
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508"
}
]
}

62
2017/14xxx/CVE-2017-14560.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14560",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14560",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to \"Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2.\""
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to \"Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560"
}
]
}

22
2017/17xxx/CVE-2017-17207.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17207",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-17207",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

80
2017/17xxx/CVE-2017-17557.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17557",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17557",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process."
"lang": "eng",
"value": "In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html",
"refsource" : "MISC",
"url" : "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "1040733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040733"
},
{
"name" : "103999",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103999"
"name": "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html",
"refsource": "MISC",
"url": "https://blog.0patch.com/2018/05/0patching-foxit-reader-buffer-oops.html"
},
{
"name" : "1040733",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040733"
"name": "103999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103999"
}
]
}

62
2017/17xxx/CVE-2017-17697.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17697",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17697",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping."
"lang": "eng",
"value": "The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/vmware/harbor/issues/3755",
"refsource" : "MISC",
"url" : "https://github.com/vmware/harbor/issues/3755"
"name": "https://github.com/vmware/harbor/issues/3755",
"refsource": "MISC",
"url": "https://github.com/vmware/harbor/issues/3755"
}
]
}

194
2017/17xxx/CVE-2017-17805.json
View File

@ -1,171 +1,171 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17805",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17805",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable."
"lang": "eng",
"value": "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
"name": "USN-3617-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name" : "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
"name": "DSA-4082",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4082"
},
{
"name" : "DSA-4073",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4073"
"name": "USN-3617-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name" : "DSA-4082",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4082"
"name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
"name": "USN-3632-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name" : "SUSE-SU-2018:0010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
"name": "USN-3620-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"name" : "SUSE-SU-2018:0011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name" : "SUSE-SU-2018:0012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
"name": "102291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102291"
},
{
"name" : "openSUSE-SU-2018:0022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "openSUSE-SU-2018:0023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
},
{
"name" : "USN-3617-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3617-1/"
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name" : "USN-3617-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3617-2/"
"name": "DSA-4073",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4073"
},
{
"name" : "USN-3617-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3617-3/"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e"
},
{
"name" : "USN-3619-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-1/"
"name": "USN-3617-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name" : "USN-3620-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3620-1/"
"name": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e"
},
{
"name" : "USN-3620-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3620-2/"
"name": "USN-3620-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3620-1/"
},
{
"name" : "USN-3619-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-2/"
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "USN-3632-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3632-1/"
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
},
{
"name" : "102291",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102291"
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
}
]
}

62
2017/9xxx/CVE-2017-9175.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9175",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9175",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25."
"lang": "eng",
"value": "libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
"name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}

62
2017/9xxx/CVE-2017-9299.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9299",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9299",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html",
"refsource" : "MISC",
"url" : "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
"name": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2017/05/turnkey-feat-otrs.html"
}
]
}

62
2017/9xxx/CVE-2017-9566.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9566",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9566",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}

22
2017/9xxx/CVE-2017-9695.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9695",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9695",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/0xxx/CVE-2018-0038.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"ID" : "CVE-2018-0038",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2018-0038",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra."
"lang": "eng",
"value": "Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/JSA10872",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10872"
"name": "https://kb.juniper.net/JSA10872",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10872"
}
]
}

68
2018/0xxx/CVE-2018-0134.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0134",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0134",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Policy Suite",
"version" : {
"version_data" : [
"product_name": "Cisco Policy Suite",
"version": {
"version_data": [
{
"version_value" : "Cisco Policy Suite"
"version_value": "Cisco Policy Suite"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830."
"lang": "eng",
"value": "A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-200"
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1"
"name": "102954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102954"
},
{
"name" : "102954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102954"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1"
}
]
}

68
2018/0xxx/CVE-2018-0249.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0249",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0249",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Aironet 1800 Series Access Point",
"version" : {
"version_data" : [
"product_name": "Cisco Aironet 1800 Series Access Point",
"version": {
"version_data": [
{
"version_value" : "Cisco Aironet 1800 Series Access Point"
"version_value": "Cisco Aironet 1800 Series Access Point"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116."
"lang": "eng",
"value": "A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-20"
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos"
"name": "1040816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040816"
},
{
"name" : "1040816",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040816"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos"
}
]
}

68
2018/0xxx/CVE-2018-0255.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0255",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0255",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Industrial Ethernet Switches",
"version" : {
"version_data" : [
"product_name": "Cisco Industrial Ethernet Switches",
"version": {
"version_data": [
{
"version_value" : "Cisco Industrial Ethernet Switches"
"version_value": "Cisco Industrial Ethernet Switches"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405."
"lang": "eng",
"value": "A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-352"
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess"
"name": "1040715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040715"
},
{
"name" : "1040715",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040715"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iess"
}
]
}

74
2018/1000xxx/CVE-2018-1000617.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-08T15:52:41.195865",
"DATE_REQUESTED" : "2018-07-01T16:24:35",
"ID" : "CVE-2018-1000617",
"REQUESTER" : "f3i@t00ls.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.195865",
"DATE_REQUESTED": "2018-07-01T16:24:35",
"ID": "CVE-2018-1000617",
"REQUESTER": "f3i@t00ls.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Atlassian Floodlight Controller",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "1.2 and earlier versions"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Atlassian Floodlight"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack)."
"lang": "eng",
"value": "Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://gms.cl0udz.com/Floodlight_DoS.pdf",
"refsource" : "MISC",
"url" : "http://gms.cl0udz.com/Floodlight_DoS.pdf"
"name": "104711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104711"
},
{
"name" : "104711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104711"
"name": "http://gms.cl0udz.com/Floodlight_DoS.pdf",
"refsource": "MISC",
"url": "http://gms.cl0udz.com/Floodlight_DoS.pdf"
}
]
}

68
2018/1000xxx/CVE-2018-1000627.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-31T16:52:42.837172",
"DATE_REQUESTED" : "2018-07-27T00:00:00",
"ID" : "CVE-2018-1000627",
"REQUESTER" : "stmoore@us.ibm.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-31T16:52:42.837172",
"DATE_REQUESTED": "2018-07-27T00:00:00",
"ID": "CVE-2018-1000627",
"REQUESTER": "stmoore@us.ibm.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "V2I Hub",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "2.5.1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Battelle"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system."
"lang": "eng",
"value": "Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304"
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147304"
}
]
}

116
2018/1000xxx/CVE-2018-1000632.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-19T17:09:33.115822",
"DATE_REQUESTED" : "2018-07-30T13:22:12",
"ID" : "CVE-2018-1000632",
"REQUESTER" : "mario.s.s.areias@gmail.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.115822",
"DATE_REQUESTED": "2018-07-30T13:22:12",
"ID": "CVE-2018-1000632",
"REQUESTER": "mario.s.s.areias@gmail.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "dom4j",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "prior to version 2.1.1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "dom4j"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later."
"lang": "eng",
"value": "dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-91: XML Injection"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "https://ihacktoprotect.com/post/dom4j-xml-injection/",
"refsource" : "MISC",
"url" : "https://ihacktoprotect.com/post/dom4j-xml-injection/"
"name": "https://github.com/dom4j/dom4j/issues/48",
"refsource": "CONFIRM",
"url": "https://github.com/dom4j/dom4j/issues/48"
},
{
"name" : "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
"refsource" : "CONFIRM",
"url" : "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"
"name": "[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html"
},
{
"name" : "https://github.com/dom4j/dom4j/issues/48",
"refsource" : "CONFIRM",
"url" : "https://github.com/dom4j/dom4j/issues/48"
"name": "RHSA-2019:0364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0364"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
"refsource": "CONFIRM",
"url": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"
},
{
"name" : "RHSA-2019:0362",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0362"
"name": "https://ihacktoprotect.com/post/dom4j-xml-injection/",
"refsource": "MISC",
"url": "https://ihacktoprotect.com/post/dom4j-xml-injection/"
},
{
"name" : "RHSA-2019:0364",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0364"
"name": "RHSA-2019:0362",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0362"
},
{
"name" : "RHSA-2019:0365",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0365"
"name": "RHSA-2019:0365",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0365"
},
{
"name" : "RHSA-2019:0380",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0380"
"name": "RHSA-2019:0380",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0380"
}
]
}

62
2018/19xxx/CVE-2018-19331.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19331",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19331",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter."
"lang": "eng",
"value": "An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html",
"refsource" : "MISC",
"url" : "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html"
"name": "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html",
"refsource": "MISC",
"url": "https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html"
}
]
}

22
2018/19xxx/CVE-2018-19928.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19928",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19928",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/19xxx/CVE-2018-19981.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19981",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19981",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4009.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4009",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4009",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4073.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4073",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4073",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2018/4xxx/CVE-2018-4330.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4330",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4330",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling."
"lang": "eng",
"value": "In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT208848",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208848"
"name": "1041665",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041665"
},
{
"name" : "105384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105384"
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name" : "1041665",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041665"
"name": "105384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105384"
}
]
}

22
2018/4xxx/CVE-2018-4335.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4335",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4335",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4519.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4519",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4519",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

18
2019/9xxx/CVE-2019-9852.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}