admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:43:37 +00:00
parent f2e00d662b
commit c17016bd2f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3646 additions and 3628 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2004/0xxx/CVE-2004-0232.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0232", "ID": "CVE-2004-0232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code." "value": "Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "DSA-497", "name": "SuSE-SA:2004:012",
"refsource" : "DEBIAN", "refsource": "SUSE",
"url" : "http://www.debian.org/security/2004/dsa-497" "url": "http://www.novell.com/linux/security/advisories/2004_12_mc.html"
}, },
{ {
"name" : "MDKSA-2004:039", "name": "GLSA-200405-21",
"refsource" : "MANDRAKE", "refsource": "GENTOO",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:039" "url": "http://security.gentoo.org/glsa/glsa-200405-21.xml"
}, },
{ {
"name" : "SuSE-SA:2004:012", "name": "midnight-commander-format-string(16021)",
"refsource" : "SUSE", "refsource": "XF",
"url" : "http://www.novell.com/linux/security/advisories/2004_12_mc.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16021"
}, },
{ {
"name" : "RHSA-2004:172", "name": "MDKSA-2004:039",
"refsource" : "REDHAT", "refsource": "MANDRAKE",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-172.html" "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:039"
}, },
{ {
"name" : "GLSA-200405-21", "name": "DSA-497",
"refsource" : "GENTOO", "refsource": "DEBIAN",
"url" : "http://security.gentoo.org/glsa/glsa-200405-21.xml" "url": "http://www.debian.org/security/2004/dsa-497"
}, },
{ {
"name" : "midnight-commander-format-string(16021)", "name": "RHSA-2004:172",
"refsource" : "XF", "refsource": "REDHAT",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16021" "url": "http://www.redhat.com/support/errata/RHSA-2004-172.html"
} }
] ]
} }

86
2004/0xxx/CVE-2004-0301.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0301", "ID": "CVE-2004-0301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter." "value": "Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.systemsecure.org/advisories/ssadvisory16022004.php", "name": "9676",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://www.systemsecure.org/advisories/ssadvisory16022004.php" "url": "http://www.securityfocus.com/bid/9676"
}, },
{ {
"name" : "9676", "name": "10902",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/9676" "url": "http://secunia.com/advisories/10902/"
}, },
{ {
"name" : "1009079", "name": "http://www.systemsecure.org/advisories/ssadvisory16022004.php",
"refsource" : "SECTRACK", "refsource": "MISC",
"url" : "http://securitytracker.com/alerts/2004/Feb/1009079.html" "url": "http://www.systemsecure.org/advisories/ssadvisory16022004.php"
}, },
{ {
"name" : "10902", "name": "onlinestorekit-more-xss(15235)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/10902/" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235"
}, },
{ {
"name" : "onlinestorekit-more-xss(15235)", "name": "1009079",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15235" "url": "http://securitytracker.com/alerts/2004/Feb/1009079.html"
} }
] ]
} }

86
2004/1xxx/CVE-2004-1499.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1499", "ID": "CVE-2004-1499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field." "value": "Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM", "name": "13079",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=bugtraq&m=109943858026542&w=2" "url": "http://secunia.com/advisories/13079"
}, },
{ {
"name" : "http://www.hat-squad.com/en/000077.html", "name": "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "http://www.hat-squad.com/en/000077.html" "url": "http://marc.info/?l=bugtraq&m=109943858026542&w=2"
}, },
{ {
"name" : "11586", "name": "http://www.hat-squad.com/en/000077.html",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/11586" "url": "http://www.hat-squad.com/en/000077.html"
}, },
{ {
"name" : "13079", "name": "11586",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/13079" "url": "http://www.securityfocus.com/bid/11586"
}, },
{ {
"name" : "helm-subject-xss(17943)", "name": "helm-subject-xss(17943)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17943" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17943"
} }
] ]
} }

110
2004/1xxx/CVE-2004-1689.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1689", "ID": "CVE-2004-1689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit." "value": "sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20040916 [sudo-announce] Sudo version 1.6.8p1 now available (fwd)", "name": "12596",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=bugtraq&m=109537972929201&w=2" "url": "http://secunia.com/advisories/12596"
}, },
{ {
"name" : "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt", "name": "20040916 [sudo-announce] Sudo version 1.6.8p1 now available (fwd)",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt" "url": "http://marc.info/?l=bugtraq&m=109537972929201&w=2"
}, },
{ {
"name" : "http://www.sudo.ws/sudo/alerts/sudoedit.html", "name": "VU#424358",
"refsource" : "CONFIRM", "refsource": "CERT-VN",
"url" : "http://www.sudo.ws/sudo/alerts/sudoedit.html" "url": "http://www.kb.cert.org/vuls/id/424358"
}, },
{ {
"name" : "VU#424358", "name": "10023",
"refsource" : "CERT-VN", "refsource": "OSVDB",
"url" : "http://www.kb.cert.org/vuls/id/424358" "url": "http://www.osvdb.org/10023"
}, },
{ {
"name" : "O-219", "name": "11204",
"refsource" : "CIAC", "refsource": "BID",
"url" : "http://www.ciac.org/ciac/bulletins/o-219.shtml" "url": "http://www.securityfocus.com/bid/11204"
}, },
{ {
"name" : "11204", "name": "O-219",
"refsource" : "BID", "refsource": "CIAC",
"url" : "http://www.securityfocus.com/bid/11204" "url": "http://www.ciac.org/ciac/bulletins/o-219.shtml"
}, },
{ {
"name" : "10023", "name": "sudo-sudoedit-view-files(17424)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://www.osvdb.org/10023" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17424"
}, },
{ {
"name" : "12596", "name": "http://www.sudo.ws/sudo/alerts/sudoedit.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/12596" "url": "http://www.sudo.ws/sudo/alerts/sudoedit.html"
}, },
{ {
"name" : "sudo-sudoedit-view-files(17424)", "name": "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17424" "url": "http://packetstormsecurity.nl/0409-exploits/sudoedit.txt"
} }
] ]
} }

86
2004/1xxx/CVE-2004-1746.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1746", "ID": "CVE-2004-1746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters." "value": "Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20040824 PHP Code Snippet Library Multiple Cross-Site Scripting (XSS)", "name": "11038",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://marc.info/?l=bugtraq&m=109340580218818&w=2" "url": "http://www.securityfocus.com/bid/11038"
}, },
{ {
"name" : "http://nikyt0x.webcindario.com/0001.txt", "name": "http://nikyt0x.webcindario.com/0001.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://nikyt0x.webcindario.com/0001.txt" "url": "http://nikyt0x.webcindario.com/0001.txt"
}, },
{ {
"name" : "11038", "name": "12370",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/11038" "url": "http://secunia.com/advisories/12370"
}, },
{ {
"name" : "12370", "name": "snippet-index-xss(17108)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/12370" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17108"
}, },
{ {
"name" : "snippet-index-xss(17108)", "name": "20040824 PHP Code Snippet Library Multiple Cross-Site Scripting (XSS)",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17108" "url": "http://marc.info/?l=bugtraq&m=109340580218818&w=2"
} }
] ]
} }

110
2004/1xxx/CVE-2004-1824.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1824", "ID": "CVE-2004-1824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php." "value": "Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities", "name": "vbulletin-showthread-xss(15495)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://marc.info/?l=bugtraq&m=107945556112453&w=2" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495"
}, },
{ {
"name" : "20021121 XSS bug in vBulletin", "name": "6226",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html" "url": "http://www.securityfocus.com/bid/6226"
}, },
{ {
"name" : "9887", "name": "1009440",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/9887" "url": "http://securitytracker.com/id?1009440"
}, },
{ {
"name" : "6226", "name": "9887",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/6226" "url": "http://www.securityfocus.com/bid/9887"
}, },
{ {
"name" : "4312", "name": "20040316 JelSoft vBulletin Multiple XSS Vulnerabilities",
"refsource" : "OSVDB", "refsource": "BUGTRAQ",
"url" : "http://www.osvdb.org/4312" "url": "http://marc.info/?l=bugtraq&m=107945556112453&w=2"
}, },
{ {
"name" : "1009440", "name": "vbulletin-memberlist-xss(10679)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://securitytracker.com/id?1009440" "url": "http://www.iss.net/security_center/static/10679.php"
}, },
{ {
"name" : "11142", "name": "4312",
"refsource" : "SECUNIA", "refsource": "OSVDB",
"url" : "http://secunia.com/advisories/11142" "url": "http://www.osvdb.org/4312"
}, },
{ {
"name" : "vbulletin-showthread-xss(15495)", "name": "20021121 XSS bug in vBulletin",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15495" "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0276.html"
}, },
{ {
"name" : "vbulletin-memberlist-xss(10679)", "name": "11142",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "http://www.iss.net/security_center/static/10679.php" "url": "http://secunia.com/advisories/11142"
} }
] ]
} }

74
2008/0xxx/CVE-2008-0811.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0811", "ID": "CVE-2008-0811",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php." "value": "Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "5130", "name": "5130",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5130" "url": "https://www.exploit-db.com/exploits/5130"
}, },
{ {
"name" : "27841", "name": "27841",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/27841" "url": "http://www.securityfocus.com/bid/27841"
}, },
{ {
"name" : "1019430", "name": "1019430",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019430" "url": "http://www.securitytracker.com/id?1019430"
} }
] ]
} }

92
2008/3xxx/CVE-2008-3237.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3237", "ID": "CVE-2008-3237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter." "value": "Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6069", "name": "itechbids-forwardtofriend-xss(43758)",
"refsource" : "EXPLOIT-DB", "refsource": "XF",
"url" : "https://www.exploit-db.com/exploits/6069" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43758"
}, },
{ {
"name" : "30215", "name": "4015",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/30215" "url": "http://securityreason.com/securityalert/4015"
}, },
{ {
"name" : "ADV-2008-2107", "name": "31084",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2008/2107/references" "url": "http://secunia.com/advisories/31084"
}, },
{ {
"name" : "31084", "name": "30215",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/31084" "url": "http://www.securityfocus.com/bid/30215"
}, },
{ {
"name" : "4015", "name": "ADV-2008-2107",
"refsource" : "SREASON", "refsource": "VUPEN",
"url" : "http://securityreason.com/securityalert/4015" "url": "http://www.vupen.com/english/advisories/2008/2107/references"
}, },
{ {
"name" : "itechbids-forwardtofriend-xss(43758)", "name": "6069",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43758" "url": "https://www.exploit-db.com/exploits/6069"
} }
] ]
} }

86
2008/3xxx/CVE-2008-3285.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3285", "ID": "CVE-2008-3285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters." "value": "The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080718 [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution", "name": "31175",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/archive/1/494536/100/0/threaded" "url": "http://secunia.com/advisories/31175"
}, },
{ {
"name" : "30290", "name": "4027",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/30290" "url": "http://securityreason.com/securityalert/4027"
}, },
{ {
"name" : "31175", "name": "filesyssmb-directory-command-execution(43910)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/31175" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43910"
}, },
{ {
"name" : "4027", "name": "30290",
"refsource" : "SREASON", "refsource": "BID",
"url" : "http://securityreason.com/securityalert/4027" "url": "http://www.securityfocus.com/bid/30290"
}, },
{ {
"name" : "filesyssmb-directory-command-execution(43910)", "name": "20080718 [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43910" "url": "http://www.securityfocus.com/archive/1/494536/100/0/threaded"
} }
] ]
} }

80
2008/4xxx/CVE-2008-4704.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4704", "ID": "CVE-2008-4704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter." "value": "PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6751", "name": "31756",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/6751" "url": "http://www.securityfocus.com/bid/31756"
}, },
{ {
"name" : "31756", "name": "sezhoo-sezhootabsandactions-file-include(45859)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/31756" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45859"
}, },
{ {
"name" : "4473", "name": "6751",
"refsource" : "SREASON", "refsource": "EXPLOIT-DB",
"url" : "http://securityreason.com/securityalert/4473" "url": "https://www.exploit-db.com/exploits/6751"
}, },
{ {
"name" : "sezhoo-sezhootabsandactions-file-include(45859)", "name": "4473",
"refsource" : "XF", "refsource": "SREASON",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45859" "url": "http://securityreason.com/securityalert/4473"
} }
] ]
} }

80
2008/4xxx/CVE-2008-4898.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4898", "ID": "CVE-2008-4898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action." "value": "Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://holisticinfosec.org/content/view/85/45/", "name": "32511",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://holisticinfosec.org/content/view/85/45/" "url": "http://secunia.com/advisories/32511"
}, },
{ {
"name" : "32069", "name": "32069",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/32069" "url": "http://www.securityfocus.com/bid/32069"
}, },
{ {
"name" : "32511", "name": "rateme-rate-xss(46202)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/32511" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46202"
}, },
{ {
"name" : "rateme-rate-xss(46202)", "name": "http://holisticinfosec.org/content/view/85/45/",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46202" "url": "http://holisticinfosec.org/content/view/85/45/"
} }
] ]
} }

80
2008/4xxx/CVE-2008-4946.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4946", "ID": "CVE-2008-4946",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/." "value": "convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
}, },
{ {
"name" : "http://bugs.debian.org/496419", "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://bugs.debian.org/496419" "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
}, },
{ {
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/convirt", "name": "http://dev.gentoo.org/~rbu/security/debiantemp/convirt",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/convirt" "url": "http://dev.gentoo.org/~rbu/security/debiantemp/convirt"
}, },
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", "name": "http://bugs.debian.org/496419",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" "url": "http://bugs.debian.org/496419"
} }
] ]
} }

80
2008/6xxx/CVE-2008-6242.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6242", "ID": "CVE-2008-6242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter." "value": "SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6922", "name": "32039",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/6922" "url": "http://www.securityfocus.com/bid/32039"
}, },
{ {
"name" : "32039", "name": "32525",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/32039" "url": "http://secunia.com/advisories/32525"
}, },
{ {
"name" : "32525", "name": "ezestore-searchresults-sql-injection(46273)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/32525" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46273"
}, },
{ {
"name" : "ezestore-searchresults-sql-injection(46273)", "name": "6922",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46273" "url": "https://www.exploit-db.com/exploits/6922"
} }
] ]
} }

86
2008/6xxx/CVE-2008-6835.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6835", "ID": "CVE-2008-6835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." "value": "Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://drupal.org/node/280592", "name": "30165",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://drupal.org/node/280592" "url": "http://www.securityfocus.com/bid/30165"
}, },
{ {
"name" : "http://drupal.org/node/280593", "name": "46938",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://drupal.org/node/280593" "url": "http://osvdb.org/46938"
}, },
{ {
"name" : "30165", "name": "http://drupal.org/node/280592",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/30165" "url": "http://drupal.org/node/280592"
}, },
{ {
"name" : "46938", "name": "http://drupal.org/node/280593",
"refsource" : "OSVDB", "refsource": "CONFIRM",
"url" : "http://osvdb.org/46938" "url": "http://drupal.org/node/280593"
}, },
{ {
"name" : "31027", "name": "31027",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/31027" "url": "http://secunia.com/advisories/31027"
} }
] ]
} }

86
2008/6xxx/CVE-2008-6929.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6929", "ID": "CVE-2008-6929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/." "value": "Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7082", "name": "50292",
"refsource" : "EXPLOIT-DB", "refsource": "OSVDB",
"url" : "https://www.exploit-db.com/exploits/7082" "url": "http://osvdb.org/50292"
}, },
{ {
"name" : "50292", "name": "32626",
"refsource" : "OSVDB", "refsource": "SECUNIA",
"url" : "http://osvdb.org/50292" "url": "http://secunia.com/advisories/32626"
}, },
{ {
"name" : "32626", "name": "7082",
"refsource" : "SECUNIA", "refsource": "EXPLOIT-DB",
"url" : "http://secunia.com/advisories/32626" "url": "https://www.exploit-db.com/exploits/7082"
}, },
{ {
"name" : "ADV-2008-3098", "name": "ADV-2008-3098",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3098" "url": "http://www.vupen.com/english/advisories/2008/3098"
}, },
{ {
"name" : "auto-carimages-file-upload(52445)", "name": "auto-carimages-file-upload(52445)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52445" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52445"
} }
] ]
} }

104
2008/7xxx/CVE-2008-7214.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7214", "ID": "CVE-2008-7214",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php." "value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", "name": "ADV-2008-0325",
"refsource" : "BUGTRAQ", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/archive/1/487128/100/200/threaded" "url": "http://www.vupen.com/english/advisories/2008/0325"
}, },
{ {
"name" : "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", "name": "mambo-connector-csrf(39985)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
}, },
{ {
"name" : "http://www.bugreport.ir/index_33.htm", "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "http://www.bugreport.ir/index_33.htm" "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
}, },
{ {
"name" : "http://forum.mambo-foundation.org/showthread.php?t=10158", "name": "42531",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://forum.mambo-foundation.org/showthread.php?t=10158" "url": "http://osvdb.org/42531"
}, },
{ {
"name" : "42531", "name": "28670",
"refsource" : "OSVDB", "refsource": "SECUNIA",
"url" : "http://osvdb.org/42531" "url": "http://secunia.com/advisories/28670"
}, },
{ {
"name" : "28670", "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/28670" "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
}, },
{ {
"name" : "ADV-2008-0325", "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
"refsource" : "VUPEN", "refsource": "BUGTRAQ",
"url" : "http://www.vupen.com/english/advisories/2008/0325" "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
}, },
{ {
"name" : "mambo-connector-csrf(39985)", "name": "http://www.bugreport.ir/index_33.htm",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985" "url": "http://www.bugreport.ir/index_33.htm"
} }
] ]
} }

74
2013/2xxx/CVE-2013-2219.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2219", "ID": "CVE-2013-2219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute." "value": "The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=979508", "name": "RHSA-2013:1119",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=979508" "url": "http://rhn.redhat.com/errata/RHSA-2013-1119.html"
}, },
{ {
"name" : "RHSA-2013:1116", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=979508",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1116.html" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979508"
}, },
{ {
"name" : "RHSA-2013:1119", "name": "RHSA-2013:1116",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1119.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-1116.html"
} }
] ]
} }

68
2013/2xxx/CVE-2013-2358.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2013-2358", "ID": "CVE-2013-2358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360." "value": "Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "HPSBMU02900", "name": "SSRT100907",
"refsource" : "HP", "refsource": "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
}, },
{ {
"name" : "SSRT100907", "name": "HPSBMU02900",
"refsource" : "HP", "refsource": "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
} }
] ]
} }

22
2013/2xxx/CVE-2013-2768.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2768", "ID": "CVE-2013-2768",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2013/6xxx/CVE-2013-6116.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6116", "ID": "CVE-2013-6116",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

92
2013/6xxx/CVE-2013-6476.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6476", "ID": "CVE-2013-6476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file." "value": "The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176", "name": "USN-2144-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176" "url": "http://www.ubuntu.com/usn/USN-2144-1"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027551", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027551" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027551"
}, },
{ {
"name" : "DSA-2875", "name": "DSA-2876",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2875" "url": "http://www.debian.org/security/2014/dsa-2876"
}, },
{ {
"name" : "DSA-2876", "name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176",
"refsource" : "DEBIAN", "refsource": "CONFIRM",
"url" : "http://www.debian.org/security/2014/dsa-2876" "url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
}, },
{ {
"name" : "USN-2143-1", "name": "USN-2143-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2143-1" "url": "http://www.ubuntu.com/usn/USN-2143-1"
}, },
{ {
"name" : "USN-2144-1", "name": "DSA-2875",
"refsource" : "UBUNTU", "refsource": "DEBIAN",
"url" : "http://www.ubuntu.com/usn/USN-2144-1" "url": "http://www.debian.org/security/2014/dsa-2875"
} }
] ]
} }

68
2013/6xxx/CVE-2013-6789.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6789", "ID": "CVE-2013-6789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653." "value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)", "name": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170",
"refsource" : "BUGTRAQ", "refsource": "CONFIRM",
"url" : "http://seclists.org/bugtraq/2013/Aug/12" "url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
}, },
{ {
"name" : "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170", "name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"refsource" : "CONFIRM", "refsource": "BUGTRAQ",
"url" : "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170" "url": "http://seclists.org/bugtraq/2013/Aug/12"
} }
] ]
} }

80
2013/6xxx/CVE-2013-6797.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6797", "ID": "CVE-2013-6797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file." "value": "Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/", "name": "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/" "url": "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog"
}, },
{ {
"name" : "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog", "name": "98923",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://wordpress.org/plugins/blue-wrench-videos-widget/changelog" "url": "http://osvdb.org/98923"
}, },
{ {
"name" : "98922", "name": "98922",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://osvdb.org/98922" "url": "http://osvdb.org/98922"
}, },
{ {
"name" : "98923", "name": "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/",
"refsource" : "OSVDB", "refsource": "MISC",
"url" : "http://osvdb.org/98923" "url": "http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/"
} }
] ]
} }

22
2017/10xxx/CVE-2017-10876.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10876", "ID": "CVE-2017-10876",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2017/11xxx/CVE-2017-11337.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11337", "ID": "CVE-2017-11337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack." "value": "There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1470737", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1470737" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737"
} }
] ]
} }

80
2017/11xxx/CVE-2017-11642.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11642", "ID": "CVE-2017-11642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638." "value": "GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", "name": "100395",
"refsource" : "MLIST", "refsource": "BID",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" "url": "http://www.securityfocus.com/bid/100395"
}, },
{ {
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9", "name": "DSA-4321",
"refsource" : "CONFIRM", "refsource": "DEBIAN",
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" "url": "https://www.debian.org/security/2018/dsa-4321"
}, },
{ {
"name" : "DSA-4321", "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource" : "DEBIAN", "refsource": "MLIST",
"url" : "https://www.debian.org/security/2018/dsa-4321" "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
}, },
{ {
"name" : "100395", "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/100395" "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9"
} }
] ]
} }

74
2017/14xxx/CVE-2017-14117.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14117", "ID": "CVE-2017-14117",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \\x2a\\xce\\x01 followed by other predictable values." "value": "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \\x2a\\xce\\x01 followed by other predictable values."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/", "name": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/" "url": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/"
}, },
{ {
"name" : "https://www.nomotion.net/blog/sharknatto/", "name": "100585",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://www.nomotion.net/blog/sharknatto/" "url": "http://www.securityfocus.com/bid/100585"
}, },
{ {
"name" : "100585", "name": "https://www.nomotion.net/blog/sharknatto/",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/100585" "url": "https://www.nomotion.net/blog/sharknatto/"
} }
] ]
} }

68
2017/14xxx/CVE-2017-14833.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-14833", "ID": "CVE-2017-14833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.1.21155" "version_value": "8.3.1.21155"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-416-Use After Free" "value": "CWE-416-Use After Free"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-877", "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-877" "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "name": "https://zerodayinitiative.com/advisories/ZDI-17-877",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://zerodayinitiative.com/advisories/ZDI-17-877"
} }
] ]
} }

62
2017/14xxx/CVE-2017-14860.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14860", "ID": "CVE-2017-14860",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack." "value": "There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494776", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494776" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776"
} }
] ]
} }

64
2017/15xxx/CVE-2017-15112.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2018-01-05T00:00:00", "DATE_PUBLIC": "2018-01-05T00:00:00",
"ID" : "CVE-2017-15112", "ID": "CVE-2017-15112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "keycloak-httpd-client-install", "product_name": "keycloak-httpd-client-install",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 0.8" "version_value": "before 0.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "jdennis" "vendor_name": "jdennis"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users." "value": "keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-200" "value": "CWE-200"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", "name": "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75" "url": "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75"
} }
] ]
} }

116
2017/15xxx/CVE-2017-15119.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-15119", "ID": "CVE-2017-15119",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "qemu", "product_name": "qemu",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.11" "version_value": "2.11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QEMU" "vendor_name": "QEMU"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS." "value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : [ "cvss": [
[ [
{ {
"vectorString" : "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "vectorString": "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version" : "3.0" "version": "3.0"
} }
], ],
[ [
{ {
"vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P", "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version" : "2.0" "version": "2.0"
} }
] ]
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-400" "value": "CWE-400"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.openwall.com/lists/oss-security/2017/11/28/9", "name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/11/28/9" "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
}, },
{ {
"name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", "name": "http://www.openwall.com/lists/oss-security/2017/11/28/9",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html" "url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", "name": "102011",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119" "url": "http://www.securityfocus.com/bid/102011"
}, },
{ {
"name" : "DSA-4213", "name": "DSA-4213",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4213" "url": "https://www.debian.org/security/2018/dsa-4213"
}, },
{ {
"name" : "RHSA-2018:1104", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2018:1104" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
}, },
{ {
"name" : "RHSA-2018:1113", "name": "RHSA-2018:1104",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1113" "url": "https://access.redhat.com/errata/RHSA-2018:1104"
}, },
{ {
"name" : "USN-3575-1", "name": "RHSA-2018:1113",
"refsource" : "UBUNTU", "refsource": "REDHAT",
"url" : "https://usn.ubuntu.com/3575-1/" "url": "https://access.redhat.com/errata/RHSA-2018:1113"
}, },
{ {
"name" : "102011", "name": "USN-3575-1",
"refsource" : "BID", "refsource": "UBUNTU",
"url" : "http://www.securityfocus.com/bid/102011" "url": "https://usn.ubuntu.com/3575-1/"
} }
] ]
} }

68
2017/15xxx/CVE-2017-15384.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15384", "ID": "CVE-2017-15384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action." "value": "rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://cxsecurity.com/issue/WLB-2016110122", "name": "https://cxsecurity.com/issue/WLB-2016110122",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2016110122" "url": "https://cxsecurity.com/issue/WLB-2016110122"
}, },
{ {
"name" : "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt", "name": "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt" "url": "https://packetstormsecurity.com/files/139696/ratemephp-xss.txt"
} }
] ]
} }

74
2017/15xxx/CVE-2017-15825.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2017-15825", "ID": "CVE-2017-15825",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur." "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Out of bounds Access When Accessing Partition Entries in Update gpt" "value": "Out of bounds Access When Accessing Partition Entries in Update gpt"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components", "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components" "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}, },
{ {
"name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6", "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6" "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=252e22c9adb9b59c36e59e00d8b43013facec4d6"
}, },
{ {
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", "name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" "url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
} }
] ]
} }

70
2017/15xxx/CVE-2017-15834.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00", "DATE_PUBLIC": "2018-03-05T00:00:00",
"ID" : "CVE-2017-15834", "ID": "CVE-2017-15834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow." "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903", "name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903" "url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}, },
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2e1b54e38f1516e70d9f6581c4f1ee935effb903"
} }
] ]
} }

62
2017/9xxx/CVE-2017-9136.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9136", "ID": "CVE-2017-9136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device)." "value": "An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://blog.iancaling.com/post/160596244178", "name": "http://blog.iancaling.com/post/160596244178",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://blog.iancaling.com/post/160596244178" "url": "http://blog.iancaling.com/post/160596244178"
} }
] ]
} }

80
2017/9xxx/CVE-2017-9763.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9763", "ID": "CVE-2017-9763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array." "value": "The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768", "name": "https://github.com/radare/radare2/issues/7723",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768" "url": "https://github.com/radare/radare2/issues/7723"
}, },
{ {
"name" : "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd", "name": "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd" "url": "http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768"
}, },
{ {
"name" : "https://github.com/radare/radare2/issues/7723", "name": "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/radare/radare2/issues/7723" "url": "https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd"
}, },
{ {
"name" : "99141", "name": "99141",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/99141" "url": "http://www.securityfocus.com/bid/99141"
} }
] ]
} }

68
2017/9xxx/CVE-2017-9876.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9876", "ID": "CVE-2017-9876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.\"" "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876", "name": "http://www.irfanview.com/plugins.htm",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876" "url": "http://www.irfanview.com/plugins.htm"
}, },
{ {
"name" : "http://www.irfanview.com/plugins.htm", "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://www.irfanview.com/plugins.htm" "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9876"
} }
] ]
} }

22
2018/0xxx/CVE-2018-0192.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-0192", "ID": "CVE-2018-0192",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2018/0xxx/CVE-2018-0199.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0199", "ID": "CVE-2018-0199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Jabber Client Framework", "product_name": "Cisco Jabber Client Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Jabber Client Framework" "version_value": "Cisco Jabber Client Framework"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989." "value": "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-79" "value": "CWE-79"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf"
}, },
{ {
"name" : "103143", "name": "1040407",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/103143" "url": "http://www.securitytracker.com/id/1040407"
}, },
{ {
"name" : "1040407", "name": "103143",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1040407" "url": "http://www.securityfocus.com/bid/103143"
} }
] ]
} }

22
2018/0xxx/CVE-2018-0740.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-0740", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2018-0740",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }

82
2018/0xxx/CVE-2018-0837.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00", "DATE_PUBLIC": "2018-02-13T00:00:00",
"ID" : "CVE-2018-0837", "ID": "CVE-2018-0837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge, ChakraCore", "product_name": "Microsoft Edge, ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866." "value": "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Critical" "value": "Critical"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "44081", "name": "44081",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44081/" "url": "https://www.exploit-db.com/exploits/44081/"
}, },
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0837"
}, },
{ {
"name" : "102876", "name": "102876",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/102876" "url": "http://www.securityfocus.com/bid/102876"
}, },
{ {
"name" : "1040372", "name": "1040372",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040372" "url": "http://www.securitytracker.com/id/1040372"
} }
] ]
} }

72
2018/1000xxx/CVE-2018-1000139.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "3/15/2018 22:35:10", "DATE_ASSIGNED": "3/15/2018 22:35:10",
"ID" : "CVE-2018-1000139", "ID": "CVE-2018-1000139",
"REQUESTER" : "3022235906@qq.com", "REQUESTER": "3022235906@qq.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "I, Librarian ", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.8 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "I, Librarian " "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user." "value": "I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in \"id\" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross Site Scripting (XSS)" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8", "name": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8" "url": "https://github.com/mkucej/i-librarian/blob/9535753a84bc615b210802d4c9542db73368d984/stable.php#L8"
}, },
{ {
"name" : "https://github.com/mkucej/i-librarian/issues/119", "name": "https://github.com/mkucej/i-librarian/issues/119",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/mkucej/i-librarian/issues/119" "url": "https://github.com/mkucej/i-librarian/issues/119"
} }
] ]
} }

68
2018/1000xxx/CVE-2018-1000631.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-31T16:52:42.845027", "DATE_ASSIGNED": "2018-07-31T16:52:42.845027",
"DATE_REQUESTED" : "2018-07-27T00:00:00", "DATE_REQUESTED": "2018-07-27T00:00:00",
"ID" : "CVE-2018-1000631", "ID": "CVE-2018-1000631",
"REQUESTER" : "stmoore@us.ibm.com", "REQUESTER": "stmoore@us.ibm.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "V2I Hub", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Battelle" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database." "value": "Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL Injection" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147308"
} }
] ]
} }

68
2018/1000xxx/CVE-2018-1000848.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.486534", "DATE_ASSIGNED": "2018-11-27T13:54:33.486534",
"DATE_REQUESTED" : "2018-11-18T12:33:39", "DATE_REQUESTED": "2018-11-18T12:33:39",
"ID" : "CVE-2018-1000848", "ID": "CVE-2018-1000848",
"REQUESTER" : "wampserver@otomatic.net", "REQUESTER": "wampserver@otomatic.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Wampserver", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 3.1.5" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Wampserver" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later." "value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross Site Scripting (XSS)" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://forum.wampserver.com/read.php?2,153491", "name": "http://forum.wampserver.com/read.php?2,153491",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://forum.wampserver.com/read.php?2,153491" "url": "http://forum.wampserver.com/read.php?2,153491"
} }
] ]
} }

64
2018/12xxx/CVE-2018-12192.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00", "DATE_PUBLIC": "2019-03-12T00:00:00",
"ID" : "CVE-2018-12192", "ID": "CVE-2018-12192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", "product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Multiple versions." "version_value": "Multiple versions."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access." "value": "Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Escalation of Privilege" "value": "Escalation of Privilege"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html"
} }
] ]
} }

62
2018/12xxx/CVE-2018-12674.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12674", "ID": "CVE-2018-12674",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account." "value": "The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) stores the username and password within the cookies of a session. If an attacker gained access to these session cookies, it would be possible to gain access to the username and password of the logged-in account."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", "name": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" "url": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/"
} }
] ]
} }

74
2018/12xxx/CVE-2018-12803.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12803", "ID": "CVE-2018-12803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Out-of-bounds read" "value": "Out-of-bounds read"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
}, },
{ {
"name" : "104699", "name": "104699",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/104699" "url": "http://www.securityfocus.com/bid/104699"
}, },
{ {
"name" : "1041250", "name": "1041250",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041250" "url": "http://www.securitytracker.com/id/1041250"
} }
] ]
} }

68
2018/16xxx/CVE-2018-16027.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-16027", "ID": "CVE-2018-16027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "name": "106164",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "url": "http://www.securityfocus.com/bid/106164"
}, },
{ {
"name" : "106164", "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/106164" "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
} }
] ]
} }

68
2018/16xxx/CVE-2018-16183.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16183", "ID": "CVE-2018-16183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Some pre-installed applications on Panasonic PC", "product_name": "Some pre-installed applications on Panasonic PC",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009" "version_value": "run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Panasonic Corporation" "vendor_name": "Panasonic Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges." "value": "An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unquoted Search Path or Element" "value": "Unquoted Search Path or Element"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://pc-dl.panasonic.co.jp/dl/docs/077770", "name": "JVN#36895151",
"refsource" : "MISC", "refsource": "JVN",
"url" : "https://pc-dl.panasonic.co.jp/dl/docs/077770" "url": "https://jvn.jp/en/jp/JVN36895151/index.html"
}, },
{ {
"name" : "JVN#36895151", "name": "https://pc-dl.panasonic.co.jp/dl/docs/077770",
"refsource" : "JVN", "refsource": "MISC",
"url" : "https://jvn.jp/en/jp/JVN36895151/index.html" "url": "https://pc-dl.panasonic.co.jp/dl/docs/077770"
} }
] ]
} }

68
2018/16xxx/CVE-2018-16954.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16954", "ID": "CVE-2018-16954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." "value": "An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://seclists.org/fulldisclosure/2018/Sep/22", "name": "https://seclists.org/fulldisclosure/2018/Sep/22",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://seclists.org/fulldisclosure/2018/Sep/22" "url": "https://seclists.org/fulldisclosure/2018/Sep/22"
}, },
{ {
"name" : "105350", "name": "105350",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/105350" "url": "http://www.securityfocus.com/bid/105350"
} }
] ]
} }

62
2018/16xxx/CVE-2018-16970.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16970", "ID": "CVE-2018-16970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter." "value": "Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/", "name": "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/" "url": "https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/"
} }
] ]
} }

104
2018/4xxx/CVE-2018-4232.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4232", "ID": "CVE-2018-4232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to overwrite cookies via a crafted web site." "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to overwrite cookies via a crafted web site."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://support.apple.com/HT208848", "name": "https://support.apple.com/HT208850",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208848" "url": "https://support.apple.com/HT208850"
}, },
{ {
"name" : "https://support.apple.com/HT208850", "name": "https://support.apple.com/HT208853",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208850" "url": "https://support.apple.com/HT208853"
}, },
{ {
"name" : "https://support.apple.com/HT208852", "name": "GLSA-201808-04",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "https://support.apple.com/HT208852" "url": "https://security.gentoo.org/glsa/201808-04"
}, },
{ {
"name" : "https://support.apple.com/HT208853", "name": "https://support.apple.com/HT208854",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208853" "url": "https://support.apple.com/HT208854"
}, },
{ {
"name" : "https://support.apple.com/HT208854", "name": "1041029",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://support.apple.com/HT208854" "url": "http://www.securitytracker.com/id/1041029"
}, },
{ {
"name" : "GLSA-201808-04", "name": "USN-3687-1",
"refsource" : "GENTOO", "refsource": "UBUNTU",
"url" : "https://security.gentoo.org/glsa/201808-04" "url": "https://usn.ubuntu.com/3687-1/"
}, },
{ {
"name" : "USN-3687-1", "name": "https://support.apple.com/HT208848",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "https://usn.ubuntu.com/3687-1/" "url": "https://support.apple.com/HT208848"
}, },
{ {
"name" : "1041029", "name": "https://support.apple.com/HT208852",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1041029" "url": "https://support.apple.com/HT208852"
} }
] ]
} }

22
2018/4xxx/CVE-2018-4270.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4270", "ID": "CVE-2018-4270",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/4xxx/CVE-2018-4359.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4359", "ID": "CVE-2018-4359",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/4xxx/CVE-2018-4423.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4423", "ID": "CVE-2018-4423",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/4xxx/CVE-2018-4688.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4688", "ID": "CVE-2018-4688",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/4xxx/CVE-2018-4760.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4760", "ID": "CVE-2018-4760",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

18
2019/9xxx/CVE-2019-9854.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}