"-Synchronized-Data."

CVE Team 2019-03-18 02:43:51 +00:00
parent c17016bd2f
commit be038f3736
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4059 additions and 4059 deletions


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0398", "ID": "CVE-2001-0398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010402 ~..~!guano", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html" "lang": "eng",
}, "value": "The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon."
{ }
"name" : "2530", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2530" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2530"
},
{
"name": "20010402 ~..~!guano",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0717", "ID": "CVE-2001-0717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/alerts/advise98.php" "lang": "eng",
}, "value": "Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function."
{ }
"name" : "CA-2001-27", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2001-27.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "M-002", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/m-002.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CSSA-2001-SCO.28", ]
"refsource" : "CALDERA", }
"url" : "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt" ]
}, },
{ "references": {
"name" : "SSRT0767U", "reference_data": [
"refsource" : "COMPAQ", {
"url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml" "name": "3382",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/3382"
"name" : "HPSBUX0110-168", },
"refsource" : "HP", {
"url" : "http://online.securityfocus.com/advisories/3584" "name": "HPSBUX0110-168",
}, "refsource": "HP",
{ "url": "http://online.securityfocus.com/advisories/3584"
"name" : "00212", },
"refsource" : "SUN", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212" "name": "00212",
}, "refsource": "SUN",
{ "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212"
"name" : "3382", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3382" "name": "20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service",
}, "refsource": "ISS",
{ "url": "http://xforce.iss.net/alerts/advise98.php"
"name" : "1002479", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1002479" "name": "CA-2001-27",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2001-27.html"
"name" : "tooltalk-ttdbserverd-format-string(7069)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7069" "name": "tooltalk-ttdbserverd-format-string(7069)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7069"
} },
} {
"name": "1002479",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1002479"
},
{
"name": "SSRT0767U",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml"
},
{
"name": "CSSA-2001-SCO.28",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt"
},
{
"name": "M-002",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-002.shtml"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0014", "ID": "CVE-2008-0014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", "description_data": [
"refsource" : "ISS", {
"url" : "http://www.iss.net/threats/310.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013."
{ }
"name" : "http://blogs.iss.net/archive/trend.html", ]
"refsource" : "MISC", },
"url" : "http://blogs.iss.net/archive/trend.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#768681", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/768681" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32261", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/32261" ]
}, },
{ "references": {
"name" : "ADV-2008-3127", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3127" "name": "32618",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32618"
"name" : "32618", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32618" "name": "32261",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/32261"
"name" : "application-rpc-config3-bo(39920)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920" "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
} "refsource": "ISS",
] "url": "http://www.iss.net/threats/310.html"
} },
} {
"name": "application-rpc-config3-bo(39920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39920"
},
{
"name": "VU#768681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/768681"
},
{
"name": "http://blogs.iss.net/archive/trend.html",
"refsource": "MISC",
"url": "http://blogs.iss.net/archive/trend.html"
},
{
"name": "ADV-2008-3127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3127"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0390", "ID": "CVE-2008-0390",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4933", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4933" "lang": "eng",
}, "value": "stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php."
{ }
"name" : "27342", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27342" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "auracms-stat-code-execution(39777)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39777" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "27342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27342"
},
{
"name": "4933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4933"
},
{
"name": "auracms-stat-code-execution(39777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39777"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0724", "ID": "CVE-2008-0724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080201 The Everything Development System - SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487436/100/0/threaded" "lang": "eng",
}, "value": "The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts."
{ }
"name" : "5037", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5037" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3631", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3631" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20080201 The Everything Development System - SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487436/100/0/threaded"
},
{
"name": "3631",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3631"
},
{
"name": "5037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5037"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0746", "ID": "CVE-2008-0746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5084", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5084" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action."
{ }
"name" : "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2008-February/001901.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability", "description": [
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2008-February/001902.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27695", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27695" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-February/001901.html"
},
{
"name": "20080208 Mambo Component com_gallery Remote SQL Injection Vulnerability",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-February/001902.html"
},
{
"name": "27695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27695"
},
{
"name": "5084",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5084"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1269", "ID": "CVE-2008-1269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080301 The Router Hacking Challenge is Over!", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" "lang": "eng",
}, "value": "cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request."
{ }
"name" : "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip", ]
"refsource" : "MISC", },
"url" : "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", "description": [
"refsource" : "MISC", {
"url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "alicegate2pluswifi-admin-security-bypass(41110)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41110" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip",
"refsource": "MISC",
"url": "http://vx.netlux.org/wargamevx/alice_gate2_pluswifi_PoC.zip"
},
{
"name": "alicegate2pluswifi-admin-security-bypass(41110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41110"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1322", "ID": "CVE-2008-1322",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489359/100/0/threaded" "lang": "eng",
}, "value": "The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability."
{ }
"name" : "5229", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5229" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.altervista.org/adv/asgulo-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/asgulo-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28188", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28188" ]
}, },
{ "references": {
"name" : "ADV-2008-0839", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0839/references" "name": "asgsentry-fcheck-dos(41080)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41080"
"name" : "29289", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29289" "name": "28188",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28188"
"name" : "3737", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3737" "name": "ADV-2008-0839",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0839/references"
"name" : "asgsentry-fcheck-dos(41080)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41080" "name": "3737",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3737"
} },
} {
"name": "29289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29289"
},
{
"name": "20080310 Multiple vulnerabilities in ASG-Sentry 7.0.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489359/100/0/threaded"
},
{
"name": "5229",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5229"
},
{
"name": "http://aluigi.altervista.org/adv/asgulo-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/asgulo-adv.txt"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1535", "ID": "CVE-2008-1535",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5297", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5297" "lang": "eng",
}, "value": "SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php."
{ }
"name" : "28422", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29510", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29510" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "rekry!joom-index-sql-injection(41385)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41385" ]
} },
] "references": {
} "reference_data": [
} {
"name": "rekry!joom-index-sql-injection(41385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41385"
},
{
"name": "29510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29510"
},
{
"name": "5297",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5297"
},
{
"name": "28422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28422"
}
]
}
}


@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-1612", "ID": "CVE-2008-1612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch" "lang": "eng",
}, "value": "The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239."
{ }
"name" : "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20080401 CVE id request: squid", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/04/01/5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[squid-announce[ 20080322 Advisory Squid-2007:2 updated", ]
"refsource" : "MLIST", }
"url" : "http://marc.info/?l=squid-announce&m=120614453813157&w=2" ]
}, },
{ "references": {
"name" : "DSA-1646", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1646" "name": "USN-601-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-601-1"
"name" : "FEDORA-2008-2740", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html" "name": "FEDORA-2008-2740",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00560.html"
"name" : "GLSA-200903-38", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200903-38.xml" "name": "28693",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28693"
"name" : "MDVSA-2008:134", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134" "name": "29813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29813"
"name" : "RHSA-2008:0214", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0214.html" "name": "SUSE-SR:2008:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
"name" : "SUSE-SR:2008:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" "name": "30032",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30032"
"name" : "USN-601-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-601-1" "name": "DSA-1646",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1646"
"name" : "28693", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28693" "name": "GLSA-200903-38",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200903-38.xml"
"name" : "oval:org.mitre.oval:def:11376", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376" "name": "27477",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27477"
"name" : "29813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29813" "name": "squid-arrayshrink-dos(41586)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586"
"name" : "27477", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27477" "name": "MDVSA-2008:134",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:134"
"name" : "30032", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30032" "name": "32109",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32109"
"name" : "32109", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32109" "name": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Advisories/SQUID-2007_2.txt"
"name" : "34467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34467" "name": "RHSA-2008:0214",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0214.html"
"name" : "squid-arrayshrink-dos(41586)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41586" "name": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch",
} "refsource": "MISC",
] "url": "http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch"
} },
} {
"name": "[squid-announce[ 20080322 Advisory Squid-2007:2 updated",
"refsource": "MLIST",
"url": "http://marc.info/?l=squid-announce&m=120614453813157&w=2"
},
{
"name": "oval:org.mitre.oval:def:11376",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11376"
},
{
"name": "34467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34467"
},
{
"name": "[oss-security] 20080401 CVE id request: squid",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/04/01/5"
}
]
}
}
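Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2008-1612 changes from `cve@mitre.org` to `secalert@redhat.com`, while every other visible change in this section is colon spacing or a reordering of `reference_data` entries. A provenance field changing inside a bulk reformat is easy to miss in review, so the commit description should call it out, for example `CVE-2008-1612: ASSIGNER updated to secalert@redhat.com`, or the change should land in a separate commit. Consumers that compare records across syncs should parse the JSON and treat `reference_data` as unordered rather than diff the text, because the 4059-line churn otherwise hides a field change like this one.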


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1618", "ID": "CVE-2008-1618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf" "lang": "eng",
}, "value": "The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames."
{ }
"name" : "28619", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28619" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1152", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1152/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44218", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/44218" ]
}, },
{ "references": {
"name" : "1019796", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019796" "name": "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf",
}, "refsource": "MISC",
{ "url": "http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf"
"name" : "29708", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29708" "name": "44218",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/44218"
"name" : "firebox-pptpvpn-mschapv2-info-disclosure(41683)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41683" "name": "ADV-2008-1152",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1152/references"
} },
} {
"name": "28619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28619"
},
{
"name": "firebox-pptpvpn-mschapv2-info-disclosure(41683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41683"
},
{
"name": "29708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29708"
},
{
"name": "1019796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019796"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5093", "ID": "CVE-2008-5093",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/viewContent.do?externalId=3426981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3426981" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
{ }
"name" : "30947", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30947" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1020785", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020785" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2462", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2462" ]
}, },
{ "references": {
"name" : "novell-edirectory-httpstk-xss(46667)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46667" "name": "30947",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30947"
} },
} {
"name": "novell-edirectory-httpstk-xss(46667)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46667"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3426981"
},
{
"name": "1020785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020785"
},
{
"name": "ADV-2008-2462",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2462"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-5483", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-5483",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5555", "ID": "CVE-2008-5555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to \"XDomainRequest Allowed Injection (XAI).\" NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to \"address every conceivable XSS attack scenario.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081211 Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499124/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to \"XDomainRequest Allowed Injection (XAI).\" NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to \"address every conceivable XSS attack scenario.\""
{ }
"name" : "ie-antixss-xss(47277)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47277" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ie-xdomainrequestallowed-xss-filter-bypass(47444)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47444" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ie-xdomainrequestallowed-xss-filter-bypass(47444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47444"
},
{
"name": "ie-antixss-xss(47277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47277"
},
{
"name": "20081211 Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499124/100/0/threaded"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5561", "ID": "CVE-2008-5561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7396", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7396" "lang": "eng",
}, "value": "SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php."
{ }
"name" : "32725", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32725" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4726", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4726" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "netref-ficheproduct-sql-injection(47191)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47191" ]
} },
] "references": {
} "reference_data": [
} {
"name": "32725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32725"
},
{
"name": "7396",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7396"
},
{
"name": "netref-ficheproduct-sql-injection(47191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47191"
},
{
"name": "4726",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4726"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5738", "ID": "CVE-2008-5738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7513", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7513" "lang": "eng",
}, "value": "Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information."
{ }
"name" : "32914", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32914" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50827", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50827" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33214", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33214" ]
}, },
{ "references": {
"name" : "4816", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4816" "name": "4816",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4816"
} },
} {
"name": "32914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32914"
},
{
"name": "7513",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7513"
},
{
"name": "50827",
"refsource": "OSVDB",
"url": "http://osvdb.org/50827"
},
{
"name": "33214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33214"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-0140", "ID": "CVE-2013-0140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) – Release", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Apr/289" "lang": "eng",
}, "value": "SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel."
{ }
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10042", ]
"refsource" : "CONFIRM", },
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10042" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA13-193A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-193A" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#209131", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/209131" ]
}, },
{ "references": {
"name" : "59500", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59500" "name": "VU#209131",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/209131"
} },
} {
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10042",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10042"
},
{
"name": "TA13-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-193A"
},
{
"name": "59500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59500"
},
{
"name": "20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) \u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c Release",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/289"
}
]
}
}
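Review bot: The FULLDISC reference `name` on the new side of this CVE-2013-0140 record is corrupted: the en dash in `(ePowner ) – Release` has become `\u00c3\u00a2\u00e2\u0082\u00ac\u00e2\u0080\u009c`, which decodes to mojibake rather than the original character. That sequence is what the UTF-8 bytes of U+2013 turn into when they are decoded as a single-byte code page and re-encoded twice, so the export step probably mishandles non-ASCII input; the cause is inferred and not visible in this section. The line should read `"name": "20140427 Re: Exploit: McAfee ePolicy 0wner (ePowner ) \u2013 Release",`, and the other records in this sync are worth scanning for `\u00c3` or `\u00e2\u0080` runs. Consumers that match or deduplicate references by `name` will otherwise treat this entry as a different reference from the one previously published.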


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-0580", "ID": "CVE-2013-0580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651990", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651990" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users."
{ }
"name" : "ibm-optim-cve20130580-csrf(83332)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83332" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-optim-cve20130580-csrf(83332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83332"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651990",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651990"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-0683", "ID": "CVE-2013-0683",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf" "lang": "eng",
} "value": "The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2013-0720", "ID": "CVE-2013-0720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#11249169", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN11249169/index.html" "lang": "eng",
}, "value": "The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem."
{ }
"name" : "JVNDB-2013-000027", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000027" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#11249169",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN11249169/index.html"
},
{
"name": "JVNDB-2013-000027",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000027"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3163", "ID": "CVE-2013-3163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3144 and CVE-2013-3151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-055", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3144 and CVE-2013-3151."
{ }
"name" : "TA13-190A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:17363", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17363" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
},
{
"name": "oval:org.mitre.oval:def:17363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17363"
},
{
"name": "TA13-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-190A"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3537", "ID": "CVE-2013-3537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter."
{ }
"name" : "59069", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/59069" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92318", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/92318" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "todooforum-todooforum-sql-injection(83599)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83599" ]
} },
] "references": {
} "reference_data": [
} {
"name": "92318",
"refsource": "OSVDB",
"url": "http://osvdb.org/92318"
},
{
"name": "59069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59069"
},
{
"name": "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121290/Todoo-Forum-2.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "todooforum-todooforum-sql-injection(83599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83599"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3878", "ID": "CVE-2013-3878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka \"LRPC Client Buffer Overrun Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-102", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-102" "lang": "eng",
} "value": "Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka \"LRPC Client Buffer Overrun Vulnerability.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-102",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-102"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3914", "ID": "CVE-2013-3914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-088", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-088" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "TA13-317A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-317A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18893", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18893" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA13-317A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-317A"
},
{
"name": "MS13-088",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-088"
},
{
"name": "oval:org.mitre.oval:def:18893",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18893"
}
]
}
}
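Review bot: The `ASSIGNER` value in this section changes from `cve@mitre.org` to `secure@microsoft.com`, but every other line differs only in the spacing before the colon, and the `reference_data` entries are reordered as well. That makes a real attribution change hard to spot in a text diff for anyone auditing which CNA owns the record. I would split the whitespace normalization and the data changes into separate commits, or name the assigner updates in the commit message. Consumers comparing revisions should diff the parsed JSON and treat `reference_data` as unordered. The sections for CVE-2013-4128, CVE-2013-4394, CVE-2013-4580 and CVE-2017-12167 show the same pattern, with the assigner becoming `secalert@redhat.com`.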


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4128", "ID": "CVE-2013-4128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=984795", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=984795" "lang": "eng",
}, "value": "Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client."
{ }
"name" : "RHSA-2013:1151", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1151.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1152", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1152.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1437", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html" ]
}, },
{ "references": {
"name" : "96217", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/96217" "name": "RHSA-2013:1152",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1152.html"
"name" : "1028898", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028898" "name": "96217",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/96217"
"name" : "54508", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54508" "name": "54508",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54508"
"name" : "eap-cve20134128-session-hijacking(86386)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86386" "name": "RHSA-2013:1437",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
} },
} {
"name": "1028898",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028898"
},
{
"name": "RHSA-2013:1151",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1151.html"
},
{
"name": "eap-cve20134128-session-hijacking(86386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86386"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=984795",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=984795"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4394", "ID": "CVE-2013-4394",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131001 Re: [CVE request] systemd", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/10/01/9" "lang": "eng",
}, "value": "The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\""
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=862324", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=862324" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2777", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2777" ]
}, },
{ "references": {
"name" : "GLSA-201612-34", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201612-34" "name": "GLSA-201612-34",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201612-34"
} },
} {
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=862324",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=862324"
},
{
"name": "DSA-2777",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2777"
},
{
"name": "[oss-security] 20131001 Re: [CVE request] systemd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/9"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4580", "ID": "CVE-2013-4580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/11/15/4" "lang": "eng",
}, "value": "GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls."
{ }
"name" : "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131114 Re: Requesting four (4) CVE identifiers for GitLab",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/15/4"
},
{
"name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/",
"refsource": "CONFIRM",
"url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6604", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6604",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7217", "ID": "CVE-2013-7217",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has \"critical\" impact and unspecified vectors, a different vulnerability than CVE-2013-7091."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugzilla.zimbra.com/show_bug.cgi?id=84547", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.zimbra.com/show_bug.cgi?id=84547" "lang": "eng",
}, "value": "Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has \"critical\" impact and unspecified vectors, a different vulnerability than CVE-2013-7091."
{ }
"name" : "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html" ]
}, },
{ "references": {
"name" : "64415", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64415" "name": "http://bugzilla.zimbra.com/show_bug.cgi?id=84547",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.zimbra.com/show_bug.cgi?id=84547"
"name" : "101147", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/101147" "name": "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html"
"name" : "56138", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56138" "name": "56138",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56138"
"name" : "zimbracollaborationserver-unspecified(89847)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89847" "name": "101147",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/101147"
} },
} {
"name": "64415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64415"
},
{
"name": "zimbracollaborationserver-unspecified(89847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89847"
},
{
"name": "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf",
"refsource": "CONFIRM",
"url": "http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf"
},
{
"name": "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf",
"refsource": "CONFIRM",
"url": "http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10260", "ID": "CVE-2017-10260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SSM - (hot-tamale) ILOM: Integrated Lights Out Manager", "product_name": "SSM - (hot-tamale) ILOM: Integrated Lights Out Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "3.2.6" "version_value": "3.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM)."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "101426", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101426" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Integrated Lights Out Manager (ILOM)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101426"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10681", "ID": "CVE-2017-10681",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request."
{ }
"name" : "https://github.com/Piwigo/Piwigo/issues/721", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/Piwigo/Piwigo/issues/721" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99362", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99362" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99362"
},
{
"name": "https://github.com/Piwigo/Piwigo/issues/721",
"refsource": "CONFIRM",
"url": "https://github.com/Piwigo/Piwigo/issues/721"
},
{
"name": "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0",
"refsource": "CONFIRM",
"url": "https://github.com/Piwigo/Piwigo/commit/03a8329b89c0d196ecdb54227a8113f24555ffc0"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10982", "ID": "CVE-2017-10982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://freeradius.org/security/fuzzer-2017.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://freeradius.org/security/fuzzer-2017.html" "lang": "eng",
}, "value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
{ }
"name" : "DSA-3930", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3930" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:1759", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1759" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99912", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99912" ]
}, },
{ "references": {
"name" : "1038914", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038914" "name": "1038914",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1038914"
} },
} {
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-12167", "ID": "CVE-2017-12167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EAP-7", "product_name": "EAP-7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.0.9" "version_value": "7.0.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat" "vendor_name": "Red Hat"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-732"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167" "lang": "eng",
}, "value": "It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system."
{ }
"name" : "RHSA-2017:3454", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:3454" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2017:3455", {
"refsource" : "REDHAT", "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"url" : "https://access.redhat.com/errata/RHSA-2017:3455" "version": "3.0"
}, }
{ ]
"name" : "RHSA-2017:3456", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:3456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:3458", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3458" "lang": "eng",
}, "value": "CWE-732"
{ }
"name" : "RHSA-2018:0002", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:0002" ]
}, },
{ "references": {
"name" : "RHSA-2018:0003", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0003" "name": "RHSA-2018:0002",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0002"
"name" : "RHSA-2018:0004", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0004" "name": "RHSA-2017:3458",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3458"
"name" : "RHSA-2018:0005", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0005" "name": "RHSA-2018:0004",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0004"
"name" : "100903", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100903" "name": "100903",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/100903"
} },
} {
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "RHSA-2018:0003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0003"
},
{
"name": "RHSA-2018:0005",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0005"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
}
]
}
}
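Review bot: The `impact.cvss` entry on the new side still has the base score fused into the vector, `"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"`, which is not a valid CVSS v3.0 vector string because a vector begins with the `CVSS:3.0` prefix. A parser that validates the vector will reject it, and a lenient one may drop the severity, so tooling that prioritises on CVSS can silently lose this record's score. I would keep the vector and score apart, `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"` and `"baseScore": 5.5`. The object is also wrapped in two array levels (`"cvss": [[ { … } ]]`), which looks unintended and which consumers have to unwrap. The value presumably comes from the CNA's submission, so the fix likely belongs upstream rather than in this sync.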


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12204", "ID": "CVE-2017-12204",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12355", "ID": "CVE-2017-12355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XR", "product_name": "Cisco IOS XR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XR" "version_value": "Cisco IOS XR"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr" "lang": "eng",
}, "value": "A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332."
{ }
"name" : "101989", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101989" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039927", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039927" "lang": "eng",
} "value": "CWE-399"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "101989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101989"
},
{
"name": "1039927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039927"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr"
}
]
}
}
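Review bot: `vendor_name` is still `"n/a"` on the new side of this record even though the assigner is psirt@cisco.com and `product_name` is "Cisco IOS XR", and `version_value` repeats the product name instead of naming a release. Tooling that matches CVE entries against an asset inventory by vendor and version will probably not tie this entry to affected devices, so the LPTS denial-of-service issue can go unflagged. If the source record allows it, `"vendor_name": "Cisco"` plus the affected releases would make the entry machine-matchable. The release list is not on this page, so it would have to come from the vendor advisory listed in `reference_data`.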


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12890", "ID": "CVE-2017-12890",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-13214", "ID": "CVE-2017-13214",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android kernel" "version_value": "Android kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-01-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-01-01" "lang": "eng",
}, "value": "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900."
{ }
"name" : "102416", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102416" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040106", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040106" "lang": "eng",
} "value": "Denial of service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name": "102416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102416"
}
]
}
}


@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-02-05T00:00:00", "DATE_PUBLIC": "2018-02-05T00:00:00",
"ID" : "CVE-2017-13231", "ID": "CVE-2017-13231",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-02-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-02-01" "lang": "eng",
}, "value": "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232."
{ }
"name" : "102976", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102976" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-02-01"
},
{
"name": "102976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102976"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13393", "ID": "CVE-2017-13393",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13655", "ID": "CVE-2017-13655",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16424", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16424",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17042", "ID": "CVE-2017-17042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4" "lang": "eng",
} "value": "lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4",
"refsource": "CONFIRM",
"url": "https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17106", "ID": "CVE-2017-17106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20171212 Three exploits for Zivif Web Cameras (may impact others)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Dec/42" "lang": "eng",
}, "value": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages."
{ }
"name" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://twitter.com/silascutler/status/938052460328968192", "description": [
"refsource" : "MISC", {
"url" : "https://twitter.com/silascutler/status/938052460328968192" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/silascutler/status/938052460328968192",
"refsource": "MISC",
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17190", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17190",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17382", "ID": "CVE-2017-17382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://robotattack.org/", "description_data": [
"refsource" : "MISC", {
"url" : "https://robotattack.org/" "lang": "eng",
}, "value": "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
{ }
"name" : "https://support.citrix.com/article/ctx230238", ]
"refsource" : "CONFIRM", },
"url" : "https://support.citrix.com/article/ctx230238" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#144389", "description": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/144389" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102173", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/102173" ]
}, },
{ "references": {
"name" : "1039985", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039985" "name": "https://support.citrix.com/article/ctx230238",
} "refsource": "CONFIRM",
] "url": "https://support.citrix.com/article/ctx230238"
} },
} {
"name": "https://robotattack.org/",
"refsource": "MISC",
"url": "https://robotattack.org/"
},
{
"name": "102173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102173"
},
{
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"name": "1039985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039985"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17637", "ID": "CVE-2017-17637",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43308", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43308/" "lang": "eng",
}, "value": "Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter."
{ }
"name" : "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145349/Car-Rental-Script-2.0.4-SQL-Injection.html"
},
{
"name": "43308",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43308/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18047", "ID": "CVE-2018-18047",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18113", "ID": "CVE-2018-18113",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18371", "ID": "CVE-2018-18371",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18444", "ID": "CVE-2018-18444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/openexr/openexr/issues/351", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/openexr/openexr/issues/351" "lang": "eng",
} "value": "makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openexr/openexr/issues/351",
"refsource": "MISC",
"url": "https://github.com/openexr/openexr/issues/351"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18971", "ID": "CVE-2018-18971",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19326", "ID": "CVE-2018-19326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33" "lang": "eng",
} "value": "Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33",
"refsource": "MISC",
"url": "https://gist.github.com/numanturle/4988b5583e5ebe501059bd368636de33"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19623", "ID": "CVE-2018-19623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" "lang": "eng",
}, "value": "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132", ]
"refsource" : "MISC", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f", "description": [
"refsource" : "MISC", {
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-53.html", ]
"refsource" : "MISC", }
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-53.html" ]
}, },
{ "references": {
"name" : "DSA-4359", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4359" "name": "https://www.wireshark.org/security/wnpa-sec-2018-53.html",
}, "refsource": "MISC",
{ "url": "https://www.wireshark.org/security/wnpa-sec-2018-53.html"
"name" : "106051", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106051" "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f",
} "refsource": "MISC",
] "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f"
} },
} {
"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132"
},
{
"name": "106051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106051"
},
{
"name": "DSA-4359",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4359"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19761", "ID": "CVE-2018-19761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649200", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649200" "lang": "eng",
} "value": "There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649200",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649200"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19991", "ID": "CVE-2018-19991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/alexazhou/VeryNginx/issues/218", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/alexazhou/VeryNginx/issues/218" "lang": "eng",
} "value": "VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/alexazhou/VeryNginx/issues/218",
"refsource": "MISC",
"url": "https://github.com/alexazhou/VeryNginx/issues/218"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-05-22T00:00:00", "DATE_PUBLIC": "2018-05-22T00:00:00",
"ID" : "CVE-2018-1544", "ID": "CVE-2018-1544",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DB2 for Linux, UNIX and Windows", "product_name": "DB2 for Linux, UNIX and Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.5" "version_value": "10.5"
}, },
{ {
"version_value" : "10.1" "version_value": "10.1"
}, },
{ {
"version_value" : "9.7" "version_value": "9.7"
}, },
{ {
"version_value" : "11.1" "version_value": "11.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "8.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22016143", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22016143" "lang": "eng",
}, "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648."
{ }
"name" : "1040967", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1040967" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-db2-cve20181544-bo(142648)", "A": "H",
"refsource" : "XF", "AC": "L",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648" "AV": "L",
} "C": "H",
] "I": "H",
} "PR": "N",
} "S": "U",
"SCORE": "8.400",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22016143",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22016143"
},
{
"name": "ibm-db2-cve20181544-bo(142648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142648"
},
{
"name": "1040967",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040967"
}
]
}
}


@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-05T00:00:00", "DATE_PUBLIC": "2018-10-05T00:00:00",
"ID" : "CVE-2018-1742", "ID": "CVE-2018-1742",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Key Lifecycle Manager", "product_name": "Security Key Lifecycle Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.6" "version_value": "2.6"
}, },
{ {
"version_value" : "2.7" "version_value": "2.7"
}, },
{ {
"version_value" : "3.0" "version_value": "3.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "L",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "C",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733419", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733419" "lang": "eng",
}, "value": "IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421."
{ }
"name" : "ibm-tivoli-cve20181742-info-disc(148421)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148421" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "C",
"SCORE": "5.900",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10733419",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10733419"
},
{
"name": "ibm-tivoli-cve20181742-info-disc(148421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148421"
}
]
}
}


@ -1,98 +1,98 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-22T00:00:00", "DATE_PUBLIC": "2018-08-22T00:00:00",
"ID" : "CVE-2018-1755", "ID": "CVE-2018-1755",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebSphere Application Server", "product_name": "WebSphere Application Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Liberty" "version_value": "Liberty"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728689", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728689" "lang": "eng",
}, "value": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication."
{ }
"name" : "105150", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105150" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "1041558", "A": "N",
"refsource" : "SECTRACK", "AC": "H",
"url" : "http://www.securitytracker.com/id/1041558" "AV": "N",
}, "C": "H",
{ "I": "N",
"name" : "ibm-websphere-cve20181755-info-disc(148597)", "PR": "N",
"refsource" : "XF", "S": "U",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597" "SCORE": "5.900",
} "UI": "N"
] },
} "TM": {
} "E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181755-info-disc(148597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597"
},
{
"name": "1041558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041558"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10728689",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10728689"
},
{
"name": "105150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105150"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5079", "ID": "CVE-2018-5079",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130" "lang": "eng",
} "value": "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130",
"refsource": "MISC",
"url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x83002130"
}
]
}
}


@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-5142", "ID": "CVE-2018-5142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "59" "version_value": "59"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357" "lang": "eng",
}, "value": "If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3596-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3596-1/" "lang": "eng",
}, "value": "Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs"
{ }
"name" : "103386", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/103386" ]
}, },
{ "references": {
"name" : "1040514", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040514" "name": "103386",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/103386"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366357"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
}
]
}
}


@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vuln@krcert.or.kr", "ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC" : "2018-12-21T06:30:00.000Z", "DATE_PUBLIC": "2018-12-21T06:30:00.000Z",
"ID" : "CVE-2018-5202", "ID": "CVE-2018-5202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SKCertService", "product_name": "SKCertService",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_name" : "SKCertService", "version_name": "SKCertService",
"version_value" : "2.5.5" "version_value": "2.5.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SIGNKOREA" "vendor_name": "SIGNKOREA"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119" "lang": "eng",
} "value": "SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30119"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5747", "ID": "CVE-2018-5747",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ckolivas/lrzip/issues/90", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ckolivas/lrzip/issues/90" "lang": "eng",
} "value": "In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ckolivas/lrzip/issues/90",
"refsource": "MISC",
"url": "https://github.com/ckolivas/lrzip/issues/90"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5922", "ID": "CVE-2018-5922",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }