admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:22:56 +00:00
parent 5f6d84c100
commit be89dd1e85
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4077 additions and 4078 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2008/0xxx/CVE-2008-0044.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0044", "ID": "CVE-2008-0044",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=307562", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=307562" "lang": "eng",
}, "value": "Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL."
{ }
"name" : "APPLE-SA-2008-03-18", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA08-079A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28320", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28320" ]
}, },
{ "references": {
"name" : "28304", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28304" "name": "28304",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28304"
"name" : "ADV-2008-0924", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0924/references" "name": "TA08-079A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
"name" : "1019640", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019640" "name": "ADV-2008-0924",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0924/references"
"name" : "29420", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29420" "name": "macos-afpclient-bo(41319)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41319"
"name" : "macos-afpclient-bo(41319)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41319" "name": "29420",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29420"
} },
} {
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "28320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28320"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "1019640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019640"
}
]
}
}

210
2008/0xxx/CVE-2008-0343.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0343", "ID": "CVE-2008-0343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-017A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" ]
}, },
{ "references": {
"name" : "27229", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27229" "name": "1019218",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019218"
"name" : "ADV-2008-0150", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0150" "name": "27229",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27229"
"name" : "ADV-2008-0180", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0180" "name": "TA08-017A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
"name" : "1019218", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019218" "name": "ADV-2008-0150",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0150"
"name" : "28518", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28518" "name": "ADV-2008-0180",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0180"
"name" : "28556", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28556" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name": "28556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28556"
},
{
"name": "28518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28518"
}
]
}
}

160
2008/0xxx/CVE-2008-0609.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0609", "ID": "CVE-2008-0609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080204 [DSECRG-08-010] VHD Web Pack 2.0 Local File Include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487485/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
{ }
"name" : "5060", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5060" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27621", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27621" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28712", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28712" ]
}, },
{ "references": {
"name" : "3613", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3613" "name": "3613",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3613"
} },
} {
"name": "27621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27621"
},
{
"name": "28712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28712"
},
{
"name": "5060",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5060"
},
{
"name": "20080204 [DSECRG-08-010] VHD Web Pack 2.0 Local File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487485/100/0/threaded"
}
]
}
}

140
2008/0xxx/CVE-2008-0835.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0835", "ID": "CVE-2008-0835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080217 Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488288/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter."
{ }
"name" : "5131", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5131" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27843", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27843" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5131",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5131"
},
{
"name": "27843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27843"
},
{
"name": "20080217 Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488288/100/0/threaded"
}
]
}
}

34
2008/0xxx/CVE-2008-0954.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0954", "ID": "CVE-2008-0954",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2008/1xxx/CVE-2008-1058.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1058", "ID": "CVE-2008-1058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080222 007: RELIABILITY FIX: February 22, 2008", "description_data": [
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata42.html#007_tcprespond" "lang": "eng",
}, "value": "The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information."
{ }
"name" : "20080222 013: RELIABILITY FIX: February 22, 2008", ]
"refsource" : "OPENBSD", },
"url" : "http://www.openbsd.org/errata41.html#013_tcprespond" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27949", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27949" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-0660", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/0660" ]
}, },
{ "references": {
"name" : "1019495", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019495" "name": "29078",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29078"
"name" : "29078", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29078" "name": "20080222 007: RELIABILITY FIX: February 22, 2008",
} "refsource": "OPENBSD",
] "url": "http://www.openbsd.org/errata42.html#007_tcprespond"
} },
} {
"name": "1019495",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019495"
},
{
"name": "ADV-2008-0660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0660"
},
{
"name": "27949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27949"
},
{
"name": "20080222 013: RELIABILITY FIX: February 22, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata41.html#013_tcprespond"
}
]
}
}

450
2008/1xxx/CVE-2008-1693.json
View File

@ -1,227 +1,227 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2008-1693", "ID": "CVE-2008-1693",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1548", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1548" "lang": "eng",
}, "value": "The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object."
{ }
"name" : "DSA-1606", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2008/dsa-1606" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2008-3312", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200804-18", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200804-18.xml" ]
}, },
{ "references": {
"name" : "MDVSA-2008:089", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:089" "name": "29869",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29869"
"name" : "MDVSA-2008:173", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:173" "name": "SUSE-SR:2008:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
"name" : "MDVSA-2008:197", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:197" "name": "MDVSA-2008:173",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:173"
"name" : "RHSA-2008:0238", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0238.html" "name": "oval:org.mitre.oval:def:11226",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226"
"name" : "RHSA-2008:0239", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0239.html" "name": "ADV-2008-1265",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1265/references"
"name" : "RHSA-2008:0240", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0240.html" "name": "MDVSA-2008:089",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:089"
"name" : "RHSA-2008:0262", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0262.html" "name": "29884",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29884"
"name" : "SUSE-SR:2008:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" "name": "30019",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30019"
"name" : "SUSE-SR:2008:013", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2008_13_sr.html" "name": "29885",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29885"
"name" : "USN-603-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-603-1" "name": "1019893",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019893"
"name" : "USN-603-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-603-2" "name": "28830",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28830"
"name" : "28830", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28830" "name": "29853",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29853"
"name" : "oval:org.mitre.oval:def:11226", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226" "name": "29851",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29851"
"name" : "ADV-2008-1265", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1265/references" "name": "29816",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29816"
"name" : "ADV-2008-1266", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1266/references" "name": "MDVSA-2008:197",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:197"
"name" : "1019893", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019893" "name": "RHSA-2008:0239",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0239.html"
"name" : "29851", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29851" "name": "DSA-1548",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1548"
"name" : "29853", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29853" "name": "DSA-1606",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1606"
"name" : "29816", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29816" "name": "RHSA-2008:0240",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0240.html"
"name" : "29834", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29834" "name": "GLSA-200804-18",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200804-18.xml"
"name" : "29836", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29836" "name": "29868",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29868"
"name" : "29868", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29868" "name": "ADV-2008-1266",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1266/references"
"name" : "29869", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29869" "name": "RHSA-2008:0262",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0262.html"
"name" : "29884", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29884" "name": "31035",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31035"
"name" : "29885", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29885" "name": "xpdf-pdf-code-execution(41884)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41884"
"name" : "30033", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30033" "name": "30033",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30033"
"name" : "30019", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30019" "name": "29836",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29836"
"name" : "30717", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30717" "name": "29834",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29834"
"name" : "31035", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31035" "name": "RHSA-2008:0238",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0238.html"
"name" : "xpdf-pdf-code-execution(41884)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41884" "name": "FEDORA-2008-3312",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html"
} },
} {
"name": "USN-603-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-603-2"
},
{
"name": "USN-603-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-603-1"
},
{
"name": "SUSE-SR:2008:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30717"
}
]
}
}

180
2008/4xxx/CVE-2008-4080.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4080", "ID": "CVE-2008-4080",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080909 Stash v1.0.3 Admin bypass / Remote File Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496142/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "6402", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/6402" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31079", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31079" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47994", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/47994" ]
}, },
{ "references": {
"name" : "31818", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31818" "name": "stash-downloadmp3-sql-injection(44989)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44989"
"name" : "4252", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4252" "name": "4252",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4252"
"name" : "stash-downloadmp3-sql-injection(44989)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44989" "name": "31818",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31818"
} },
} {
"name": "6402",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6402"
},
{
"name": "31079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31079"
},
{
"name": "20080909 Stash v1.0.3 Admin bypass / Remote File Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496142/100/0/threaded"
},
{
"name": "47994",
"refsource": "OSVDB",
"url": "http://osvdb.org/47994"
}
]
}
}

170
2008/4xxx/CVE-2008-4092.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4092", "ID": "CVE-2008-4092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6347", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6347" "lang": "eng",
}, "value": "SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter."
{ }
"name" : "http://websecurity.com.ua/2398/", ]
"refsource" : "MISC", },
"url" : "http://websecurity.com.ua/2398/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30959", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30959" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2469", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2469" ]
}, },
{ "references": {
"name" : "4261", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4261" "name": "4261",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4261"
"name" : "myphpnuke-printfeature-sql-injection(44798)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798" "name": "ADV-2008-2469",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2469"
} },
} {
"name": "myphpnuke-printfeature-sql-injection(44798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44798"
},
{
"name": "6347",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6347"
},
{
"name": "http://websecurity.com.ua/2398/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/2398/"
},
{
"name": "30959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30959"
}
]
}
}

200
2008/4xxx/CVE-2008-4160.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4160", "ID": "CVE-2008-4160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-383.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-383.htm" "lang": "eng",
}, "value": "Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation."
{ }
"name" : "242267", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242267-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31250", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31250" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5639", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5639" ]
}, },
{ "references": {
"name" : "ADV-2008-2626", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2626" "name": "31919",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31919"
"name" : "1020899", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020899" "name": "solaris-acl-dos(45236)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45236"
"name" : "31919", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31919" "name": "1020899",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020899"
"name" : "32125", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32125" "name": "32125",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32125"
"name" : "solaris-acl-dos(45236)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45236" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-383.htm",
} "refsource": "CONFIRM",
] "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-383.htm"
} },
} {
"name": "242267",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242267-1"
},
{
"name": "oval:org.mitre.oval:def:5639",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5639"
},
{
"name": "ADV-2008-2626",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2626"
},
{
"name": "31250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31250"
}
]
}
}

140
2008/4xxx/CVE-2008-4162.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4162", "ID": "CVE-2008-4162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080911 Nooms 1.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496236/100/0/threaded" "lang": "eng",
}, "value": "Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter."
{ }
"name" : "4289", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4289" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "nooms-auth-xss(45075)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45075" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "nooms-auth-xss(45075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45075"
},
{
"name": "4289",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4289"
},
{
"name": "20080911 Nooms 1.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496236/100/0/threaded"
}
]
}
}

190
2008/4xxx/CVE-2008-4958.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4958", "ID": "CVE-2008-4958",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" "lang": "eng",
}, "value": "gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://uvw.ru/report.lenny.txt", "description": [
"refsource" : "MISC", {
"url" : "http://uvw.ru/report.lenny.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.debian.org/496378", ]
"refsource" : "CONFIRM", }
"url" : "http://bugs.debian.org/496378" ]
}, },
{ "references": {
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/gdrae", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/gdrae" "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", },
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
"name" : "30888", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30888" "name": "http://bugs.debian.org/496378",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/496378"
"name" : "gdrae-gdrae-symlink(44838)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44838" "name": "http://dev.gentoo.org/~rbu/security/debiantemp/gdrae",
} "refsource": "CONFIRM",
] "url": "http://dev.gentoo.org/~rbu/security/debiantemp/gdrae"
} },
} {
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "30888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30888"
},
{
"name": "gdrae-gdrae-symlink(44838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44838"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415"
}
]
}
}

170
2008/5xxx/CVE-2008-5002.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5002", "ID": "CVE-2008-5002",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6963", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6963" "lang": "eng",
}, "value": "Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information."
{ }
"name" : "32073", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32073" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2998", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2998" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32513", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32513" ]
}, },
{ "references": {
"name" : "4571", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4571" "name": "4571",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4571"
"name" : "chilkat-crypt-activex-file-overwrite(46315)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46315" "name": "chilkat-crypt-activex-file-overwrite(46315)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46315"
} },
} {
"name": "32513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32513"
},
{
"name": "6963",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6963"
},
{
"name": "ADV-2008-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2998"
},
{
"name": "32073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32073"
}
]
}
}

160
2013/2xxx/CVE-2013-2719.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-2719", "ID": "CVE-2013-2719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341."
{ }
"name" : "GLSA-201308-03", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0826", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:0809", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:16754", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16754" "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html"
} },
} {
"name": "oval:org.mitre.oval:def:16754",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16754"
},
{
"name": "SUSE-SU-2013:0809",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html"
},
{
"name": "RHSA-2013:0826",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

190
2013/2xxx/CVE-2013-2912.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2912", "ID": "CVE-2013-2912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=276368", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=276368" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/chrome?revision=222614&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/chrome?revision=222614&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2785", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2785" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1556", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
"name" : "openSUSE-SU-2013:1861", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" "name": "openSUSE-SU-2014:0065",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name" : "openSUSE-SU-2014:0065", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" "name": "DSA-2785",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2785"
"name" : "oval:org.mitre.oval:def:18962", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962" "name": "oval:org.mitre.oval:def:18962",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18962"
} },
} {
"name": "openSUSE-SU-2013:1556",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=222614&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=222614&view=revision"
},
{
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=276368",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=276368"
}
]
}
}

190
2013/2xxx/CVE-2013-2915.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2915", "ID": "CVE-2013-2915",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" "lang": "eng",
}, "value": "Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=280512", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=280512" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/chrome?revision=222146&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/chrome?revision=222146&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2785", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2785" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1556", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
"name" : "openSUSE-SU-2013:1861", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" "name": "openSUSE-SU-2014:0065",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name" : "openSUSE-SU-2014:0065", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" "name": "DSA-2785",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2785"
"name" : "oval:org.mitre.oval:def:18319", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319" "name": "openSUSE-SU-2013:1556",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
} },
} {
"name": "https://src.chromium.org/viewvc/chrome?revision=222146&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=222146&view=revision"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=280512",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=280512"
},
{
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:18319",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18319"
}
]
}
}

120
2013/3xxx/CVE-2013-3059.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3059", "ID": "CVE-2013-3059",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html"
}
]
}
}

34
2013/3xxx/CVE-2013-3105.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3105", "ID": "CVE-2013-3105",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2013/3xxx/CVE-2013-3343.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-3343", "ID": "CVE-2013-3343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-16.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-16.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "RHSA-2013:0941", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0941.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:1063", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00179.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:1039", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00016.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1040", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00164.html" "name": "http://www.adobe.com/support/security/bulletins/apsb13-16.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb13-16.html"
"name" : "oval:org.mitre.oval:def:17030", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17030" "name": "SUSE-SU-2013:1039",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00016.html"
} },
} {
"name": "openSUSE-SU-2013:1063",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00179.html"
},
{
"name": "openSUSE-SU-2013:1040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00164.html"
},
{
"name": "oval:org.mitre.oval:def:17030",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17030"
},
{
"name": "RHSA-2013:0941",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0941.html"
}
]
}
}

130
2013/3xxx/CVE-2013-3357.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-3357", "ID": "CVE-2013-3357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3358."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-22.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-22.html" "lang": "eng",
}, "value": "Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3358."
{ }
"name" : "oval:org.mitre.oval:def:19064", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19064" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:19064",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19064"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-22.html"
}
]
}
}

290
2013/4xxx/CVE-2013-4115.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4115", "ID": "CVE-2013-4115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/07/11/8" "lang": "eng",
}, "value": "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request."
{ }
"name" : "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", ]
"refsource" : "CONFIRM", }
"url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch" ]
}, },
{ "references": {
"name" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch" "name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch"
"name" : "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", },
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch" "name": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"
"name" : "openSUSE-SU-2013:1435", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html" "name": "54076",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54076"
"name" : "openSUSE-SU-2013:1436", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html" "name": "SUSE-SU-2016:1996",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
"name" : "openSUSE-SU-2013:1441", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html" "name": "openSUSE-SU-2013:1441",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html"
"name" : "openSUSE-SU-2013:1444", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html" "name": "openSUSE-SU-2013:1444",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html"
"name" : "openSUSE-SU-2013:1443", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html" "name": "54834",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54834"
"name" : "SUSE-SU-2016:1996", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" "name": "openSUSE-SU-2013:1443",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
"name" : "SUSE-SU-2016:2089", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" "name": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch"
"name" : "61111", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/61111" "name": "61111",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/61111"
"name" : "54076", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54076" "name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch"
"name" : "54834", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54834" "name": "54839",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54839"
"name" : "54839", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54839" "name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch"
"name" : "squid-idnsalookup-bo(85564)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564" "name": "SUSE-SU-2016:2089",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
} },
} {
"name": "openSUSE-SU-2013:1435",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"name": "squid-idnsalookup-bo(85564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564"
},
{
"name": "openSUSE-SU-2013:1436",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"name": "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/8"
}
]
}
}

34
2013/4xxx/CVE-2013-4323.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4323", "ID": "CVE-2013-4323",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2013/4xxx/CVE-2013-4538.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4538", "ID": "CVE-2013-4538",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" "lang": "eng",
}, "value": "Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image."
{ }
"name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", ]
"refsource" : "MLIST", },
"url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=ead7a57df37d2187813a121308213f41591bd811", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=ead7a57df37d2187813a121308213f41591bd811" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2014-6288", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ead7a57df37d2187813a121308213f41591bd811",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ead7a57df37d2187813a121308213f41591bd811"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
}

120
2013/6xxx/CVE-2013-6009.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6009", "ID": "CVE-2013-6009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130930 Open-Xchange Security Advisory 2013-09-30", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/528940" "lang": "eng",
} "value": "CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130930 Open-Xchange Security Advisory 2013-09-30",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/528940"
}
]
}
}

150
2013/6xxx/CVE-2013-6017.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-6017", "ID": "CVE-2013-6017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://atmail.com/changelog/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://atmail.com/changelog/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element."
{ }
"name" : "VU#204950", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/204950" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64779", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64779" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "101937", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/101937" ]
} },
] "references": {
} "reference_data": [
} {
"name": "101937",
"refsource": "OSVDB",
"url": "http://osvdb.org/101937"
},
{
"name": "64779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64779"
},
{
"name": "VU#204950",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/204950"
},
{
"name": "http://atmail.com/changelog/",
"refsource": "CONFIRM",
"url": "http://atmail.com/changelog/"
}
]
}
}

34
2013/6xxx/CVE-2013-6071.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6071", "ID": "CVE-2013-6071",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2013/6xxx/CVE-2013-6346.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6346", "ID": "CVE-2013-6346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/kb/doc.php?id=7012027", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/kb/doc.php?id=7012027" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012027",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012027"
}
]
}
}

120
2013/6xxx/CVE-2013-6454.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6454", "ID": "CVE-2013-6454",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html"
}
]
}
}

130
2013/6xxx/CVE-2013-6990.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6990", "ID": "CVE-2013-6990",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.fortiguard.com/advisory/FG-IR-13-016/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.fortiguard.com/advisory/FG-IR-13-016/" "lang": "eng",
}, "value": "FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface."
{ }
"name" : "fortiauthenticator-cve20136990-priv-esc(96200)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96200" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fortiauthenticator-cve20136990-priv-esc(96200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96200"
},
{
"name": "http://www.fortiguard.com/advisory/FG-IR-13-016/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-13-016/"
}
]
}
}

180
2013/7xxx/CVE-2013-7186.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7186", "ID": "CVE-2013-7186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30032", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/30032" "lang": "eng",
}, "value": "Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file."
{ }
"name" : "http://packetstormsecurity.com/files/124282", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/124282" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/124283", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/124283" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/124284", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/124284" ]
}, },
{ "references": {
"name" : "mymp3pro-dep-bo(89469)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89469" "name": "http://packetstormsecurity.com/files/124284",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/124284"
"name" : "mymp3pro-m3u-bo(89454)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89454" "name": "30032",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/30032"
"name" : "mymp3pro-seh-bo(89468)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89468" "name": "mymp3pro-dep-bo(89469)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89469"
} },
} {
"name": "mymp3pro-seh-bo(89468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89468"
},
{
"name": "mymp3pro-m3u-bo(89454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89454"
},
{
"name": "http://packetstormsecurity.com/files/124283",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124283"
},
{
"name": "http://packetstormsecurity.com/files/124282",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124282"
}
]
}
}

150
2013/7xxx/CVE-2013-7219.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7219", "ID": "CVE-2013-7219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140116 SQL Injection in Sexy Polling Joomla Extension", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/530789/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter."
{ }
"name" : "https://www.htbridge.com/advisory/HTB23193", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.com/advisory/HTB23193" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://2glux.com/forum/sexypolling/sexy-polling-security-vulnerability-notification-t2026.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://2glux.com/forum/sexypolling/sexy-polling-security-vulnerability-notification-t2026.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sexypolling-cve20137219-sql-injection(90519)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90519" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://2glux.com/forum/sexypolling/sexy-polling-security-vulnerability-notification-t2026.html",
"refsource": "CONFIRM",
"url": "http://2glux.com/forum/sexypolling/sexy-polling-security-vulnerability-notification-t2026.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23193",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23193"
},
{
"name": "20140116 SQL Injection in Sexy Polling Joomla Extension",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530789/100/0/threaded"
},
{
"name": "sexypolling-cve20137219-sql-injection(90519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90519"
}
]
}
}

120
2013/7xxx/CVE-2013-7247.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7247", "ID": "CVE-2013-7247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt" "lang": "eng",
} "value": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
}
]
}
}

142
2017/10xxx/CVE-2017-10237.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10237", "ID": "CVE-2017-10237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Oracle VM VirtualBox", "product_name": "Oracle VM VirtualBox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.1.24" "version_value": "5.1.24"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
{ }
"name" : "99667", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99667" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038929", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038929" "lang": "eng",
} "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038929"
},
{
"name": "99667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99667"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

34
2017/10xxx/CVE-2017-10720.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10720", "ID": "CVE-2017-10720",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/10xxx/CVE-2017-10882.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10882", "ID": "CVE-2017-10882",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/10xxx/CVE-2017-10966.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10966", "ID": "CVE-2017-10966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291" "lang": "eng",
}, "value": "An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table."
{ }
"name" : "https://irssi.org/security/irssi_sa_2017_07.txt", ]
"refsource" : "CONFIRM", },
"url" : "https://irssi.org/security/irssi_sa_2017_07.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4016", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4016" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-4016",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4016"
},
{
"name": "https://irssi.org/security/irssi_sa_2017_07.txt",
"refsource": "CONFIRM",
"url": "https://irssi.org/security/irssi_sa_2017_07.txt"
},
{
"name": "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291",
"refsource": "CONFIRM",
"url": "https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291"
}
]
}
}

142
2017/13xxx/CVE-2017-13097.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2017-13097", "ID": "CVE-2017-13097",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement" "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Standard", "product_name": "Standard",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "=", "affected": "=",
"version_name" : "P1735", "version_name": "P1735",
"version_value" : "P1735" "version_value": "P1735"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IEEE" "vendor_name": "IEEE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-310"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#739007", "description_data": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/739007" "lang": "eng",
}, "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
{ }
"name" : "101699", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101699" "problemtype": {
} "problemtype_data": [
] {
}, "description": [
"source" : { {
"discovery" : "UNKNOWN" "lang": "eng",
} "value": "CWE-310"
} }
]
}
]
},
"references": {
"reference_data": [
{
"name": "101699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101699"
},
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

194
2017/13xxx/CVE-2017-13261.json
View File

@ -1,99 +1,99 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00", "DATE_PUBLIC": "2018-03-05T00:00:00",
"ID" : "CVE-2017-13261", "ID": "CVE-2017-13261",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44326", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44326/" "lang": "eng",
}, "value": "In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292."
{ }
"name" : "44327", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/44327/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2018-03-01", "description": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-03-01" "lang": "eng",
}, "value": "Information disclosure"
{ }
"name" : "103253", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/103253" ]
} },
] "references": {
} "reference_data": [
} {
"name": "44327",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44327/"
},
{
"name": "https://source.android.com/security/bulletin/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name": "44326",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44326/"
},
{
"name": "103253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103253"
}
]
}
}

34
2017/13xxx/CVE-2017-13481.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13481", "ID": "CVE-2017-13481",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13660.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13660", "ID": "CVE-2017-13660",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2017/17xxx/CVE-2017-17055.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17055", "ID": "CVE-2017-17055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43206", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43206/" "lang": "eng",
}, "value": "Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php."
{ }
"name" : "20171201 Artica Web Proxy v3.06 Remote Code Execution / CVE-2017-17055", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Dec/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt", "description": [
"refsource" : "MISC", {
"url" : "http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20171201 Artica Web Proxy v3.06 Remote Code Execution / CVE-2017-17055",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/3"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt"
},
{
"name": "43206",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43206/"
},
{
"name": "http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145183/Artica-Web-Proxy-3.06.112216-Remote-Code-Execution.html"
}
]
}
}

120
2017/17xxx/CVE-2017-17156.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17156", "ID": "CVE-2017-17156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500", "product_name": "IPS,Module,NGFW,Module,NIP6300,NIP6600,Secospace,USG6300,Secospace,USG6500,Secospace,USG6600,USG9500",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE" "version_value": "IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds memory access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en" "lang": "eng",
} "value": "IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NGFW Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, NIP6600 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, Secospace USG6300 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE, Secospace USG6600 V500R001C00, V500R001C00SPC100, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC301, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200PWE, V500R001C20SPC300, V500R001C20SPC300B078, V500R001C20SPC300PWE, USG9500 V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC303, V500R001C00SPC500, V500R001C00SPC500PWE, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC101, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE has an out-of-bounds memory access vulnerability due to insufficient input validation. An attacker could exploit it to craft special packets to trigger out-of-bounds memory access, which may further lead to system exceptions."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds memory access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ikev2-en"
}
]
}
}

260
2017/17xxx/CVE-2017-17742.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17742", "ID": "CVE-2017-17742",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html" "lang": "eng",
}, "value": "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick."
{ }
"name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/" ]
}, },
{ "references": {
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/" "name": "USN-3685-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3685-1/"
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", },
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/" "name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",
}, "refsource": "CONFIRM",
{ "url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", },
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/" "name": "103684",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/103684"
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", },
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/" "name": "RHSA-2018:3729",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3729"
"name" : "DSA-4259", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4259" "name": "1042004",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1042004"
"name" : "RHSA-2018:3729", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3729" "name": "RHSA-2018:3730",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3730"
"name" : "RHSA-2018:3730", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3730" "name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
"name" : "RHSA-2018:3731", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3731" "name": "RHSA-2018:3731",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3731"
"name" : "USN-3685-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3685-1/" "name": "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/",
}, "refsource": "CONFIRM",
{ "url": "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"
"name" : "103684", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103684" "name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",
}, "refsource": "CONFIRM",
{ "url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
"name" : "1042004", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1042004" "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
} "refsource": "MLIST",
] "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
} },
} {
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name": "DSA-4259",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
}
]
}
}

130
2017/17xxx/CVE-2017-17970.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17970", "ID": "CVE-2017-17970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43477", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43477/" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php."
{ }
"name" : "http://packetstormsecurity.com/files/145834/Muviko-1.1-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/145834/Muviko-1.1-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/145834/Muviko-1.1-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145834/Muviko-1.1-SQL-Injection.html"
},
{
"name": "43477",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43477/"
}
]
}
}

130
2017/9xxx/CVE-2017-9633.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-9633", "ID": "CVE-2017-9633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Continental AG Infineon S-Gold 2 (PMB 8876)", "product_name": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Continental AG Infineon S-Gold 2 (PMB 8876)" "version_value": "Continental AG Infineon S-Gold 2 (PMB 8876)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01" "lang": "eng",
}, "value": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU."
{ }
"name" : "100132", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100132" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100132"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
]
}
}

140
2017/9xxx/CVE-2017-9933.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9933", "ID": "CVE-2017-9933",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure" "lang": "eng",
}, "value": "Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents."
{ }
"name" : "99450", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99450" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038817", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038817" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99450"
},
{
"name": "1038817",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038817"
},
{
"name": "https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure"
}
]
}
}

140
2018/0xxx/CVE-2018-0160.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0160", "ID": "CVE-2018-0160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XE", "product_name": "Cisco IOS XE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XE" "version_value": "Cisco IOS XE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-415"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos" "lang": "eng",
}, "value": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."
{ }
"name" : "103575", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103575" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040584", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040584" "lang": "eng",
} "value": "CWE-415"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103575"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"
},
{
"name": "1040584",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040584"
}
]
}
}

130
2018/0xxx/CVE-2018-0407.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0407", "ID": "CVE-2018-0407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Small Business 300 Series Managed Switches unknown", "product_name": "Cisco Small Business 300 Series Managed Switches unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Small Business 300 Series Managed Switches unknown" "version_value": "Cisco Small Business 300 Series Managed Switches unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss" "lang": "eng",
}, "value": "A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326."
{ }
"name" : "104947", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104947" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104947"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss"
}
]
}
}

160
2018/0xxx/CVE-2018-0502.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2018-0502", "ID": "CVE-2018-0502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "zsh before 5.6", "product_name": "zsh before 5.6",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "zsh before 5.6" "version_value": "zsh before 5.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "improper parsing"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/908000", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.debian.org/908000" "lang": "eng",
}, "value": "An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line."
{ }
"name" : "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d", ]
"refsource" : "MISC", },
"url" : "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.zsh.org/mla/zsh-announce/136", "description": [
"refsource" : "MISC", {
"url" : "https://www.zsh.org/mla/zsh-announce/136" "lang": "eng",
}, "value": "improper parsing"
{ }
"name" : "GLSA-201903-02", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201903-02" ]
}, },
{ "references": {
"name" : "USN-3764-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3764-1/" "name": "https://bugs.debian.org/908000",
} "refsource": "MISC",
] "url": "https://bugs.debian.org/908000"
} },
} {
"name": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"name": "https://www.zsh.org/mla/zsh-announce/136",
"refsource": "MISC",
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-02"
}
]
}
}

130
2018/0xxx/CVE-2018-0586.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0586", "ID": "CVE-2018-0586",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Ultimate Member", "product_name": "Ultimate Member",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 2.0.4" "version_value": "prior to version 2.0.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Ultimate Member" "vendor_name": "Ultimate Member"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wordpress.org/plugins/ultimate-member/#developers", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/plugins/ultimate-member/#developers" "lang": "eng",
}, "value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
{ }
"name" : "JVN#28804532", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#28804532",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
},
{
"name": "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
}
]
}
}

142
2018/0xxx/CVE-2018-0815.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00", "DATE_PUBLIC": "2018-03-14T00:00:00",
"ID" : "CVE-2018-0815", "ID": "CVE-2018-0815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows", "product_name": "Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1" "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0816, and CVE-2018-0817."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0815", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0815" "lang": "eng",
}, "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows GDI Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0816, and CVE-2018-0817."
{ }
"name" : "103234", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103234" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040515", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040515" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1040515",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040515"
},
{
"name": "103234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103234"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0815",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0815"
}
]
}
}

35
2018/1000xxx/CVE-2018-1000220.json
View File

@ -1,19 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"DATE_ASSIGNED" : "2018-06-21", "data_version": "4.0",
"ID" : "CVE-2018-1000220", "CVE_data_meta": {
"STATE" : "REJECT" "ID": "CVE-2018-1000220",
}, "ASSIGNER": "cve@mitre.org",
"data_format" : "MITRE", "STATE": "REJECT"
"data_type" : "CVE", },
"data_version" : "4.0", "description": {
"description" : { "description_data": [
"description_data" : [ {
{ "lang": "eng",
"lang" : "eng", "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5462. Reason: This candidate is a reservation duplicate of CVE-2014-5462. Notes: All CVE users should reference CVE-2014-5462 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5462. Reason: This candidate is a reservation duplicate of CVE-2014-5462. Notes: All CVE users should reference CVE-2014-5462 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." }
} ]
] }
} }
}

120
2018/18xxx/CVE-2018-18282.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18282", "ID": "CVE-2018-18282",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/zeit/next.js/releases/tag/7.0.2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/zeit/next.js/releases/tag/7.0.2" "lang": "eng",
} "value": "Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/releases/tag/7.0.2",
"refsource": "MISC",
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
]
}
}

130
2018/19xxx/CVE-2018-19705.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-19705", "ID": "CVE-2018-19705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "106162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106162" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

130
2018/19xxx/CVE-2018-19714.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-19714", "ID": "CVE-2018-19714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "106162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106162" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

34
2018/19xxx/CVE-2018-19832.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19832", "ID": "CVE-2018-19832",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/19xxx/CVE-2018-19883.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19883", "ID": "CVE-2018-19883",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/1xxx/CVE-2018-1119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-1119", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-1119",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10184. Reason: This candidate is a reservation duplicate of CVE-2018-10184. Notes: All CVE users should reference CVE-2018-10184 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10184. Reason: This candidate is a reservation duplicate of CVE-2018-10184. Notes: All CVE users should reference CVE-2018-10184 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2018/1xxx/CVE-2018-1625.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1625", "ID": "CVE-2018-1625",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

178
2018/1xxx/CVE-2018-1728.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-03T00:00:00", "DATE_PUBLIC": "2018-12-03T00:00:00",
"ID" : "CVE-2018-1728", "ID": "CVE-2018-1728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "QRadar SIEM", "product_name": "QRadar SIEM",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2" "version_value": "7.2"
}, },
{ {
"version_value" : "7.3" "version_value": "7.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742723", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742723" "lang": "eng",
}, "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707."
{ }
"name" : "ibm-qradar-cve20181728-xss(147707)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
} "AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-qradar-cve20181728-xss(147707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10742723",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10742723"
}
]
}
}

34
2018/1xxx/CVE-2018-1954.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1954", "ID": "CVE-2018-1954",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }