"-Synchronized-Data."

CVE Team 2019-03-18 05:12:03 +00:00
parent d57a91331b
commit c1ddf07300
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4464 additions and 4459 deletions


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0426", "ID": "CVE-2001-0426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html" "lang": "eng",
} "value": "Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html"
}
]
}
}


@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0726", "ID": "CVE-2008-0726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488000/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/advisories/apsa08-01.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/advisories/apsa08-01.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-13.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-13.html" ]
}, },
{ "references": {
"name" : "GLSA-200803-01", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200803-01.xml" "name": "SUSE-SA:2008:009",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html"
"name" : "RHSA-2008:0144", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0144.html" "name": "http://www.adobe.com/support/security/bulletins/apsb08-13.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb08-13.html"
"name" : "239286", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1" "name": "ADV-2008-1966",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1966/references"
"name" : "SUSE-SA:2008:009", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00007.html" "name": "http://www.adobe.com/support/security/advisories/apsa08-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/advisories/apsa08-01.html"
"name" : "oval:org.mitre.oval:def:10957", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957" "name": "28983",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28983"
"name" : "ADV-2008-1966", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1966/references" "name": "239286",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239286-1"
"name" : "28983", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28983" "name": "20080211 ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/488000/100/0/threaded"
"name" : "29065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29065" "name": "GLSA-200803-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200803-01.xml"
"name" : "29205", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29205" "name": "29065",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29065"
"name" : "30840", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30840" "name": "30840",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30840"
} },
} {
"name": "29205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29205"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-004.html"
},
{
"name": "oval:org.mitre.oval:def:10957",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10957"
},
{
"name": "RHSA-2008:0144",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0144.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0921", "ID": "CVE-2008-0921",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5170", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5170" "lang": "eng",
}, "value": "SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "27928", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27928" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29061", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29061" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "29061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29061"
},
{
"name": "27928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27928"
},
{
"name": "5170",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5170"
}
]
}
}


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0964", "ID": "CVE-2008-0964",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080804 Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=734" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet."
{ }
"name" : "6328", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/6328" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935", ]
"refsource" : "CONFIRM", }
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935" ]
}, },
{ "references": {
"name" : "240101", "reference_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1" "name": "6328",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/6328"
"name" : "30556", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30556" "name": "20080804 Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=734"
"name" : "oval:org.mitre.oval:def:5318", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5318" "name": "240101",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1"
"name" : "ADV-2008-2311", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2311" "name": "1020633",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020633"
"name" : "1020633", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020633" "name": "oval:org.mitre.oval:def:5318",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5318"
"name" : "31386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31386" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm"
"name" : "31535", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31535" "name": "ADV-2008-2311",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2311"
"name" : "solaris-snoop1m-bo(44222)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44222" "name": "31535",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31535"
} },
} {
"name": "31386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31386"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935"
},
{
"name": "solaris-snoop1m-bo(44222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44222"
},
{
"name": "30556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30556"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1021", "ID": "CVE-2008-1021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080403 ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490462/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-018", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-018" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT1241", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT1241" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-094A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-094A.html" ]
}, },
{ "references": {
"name" : "28583", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28583" "name": "http://support.apple.com/kb/HT1241",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT1241"
"name" : "ADV-2008-1078", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1078" "name": "TA08-094A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-094A.html"
"name" : "1019765", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019765" "name": "ADV-2008-1078",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1078"
"name" : "29650", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29650" "name": "28583",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28583"
"name" : "quicktime-animation-codec-bo(41612)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41612" "name": "20080403 ZDI-08-018: Apple QuickTime Run Length Encoding Heap Overflow Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/490462/100/0/threaded"
} },
} {
"name": "1019765",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019765"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-018",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-018"
},
{
"name": "quicktime-animation-codec-bo(41612)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41612"
},
{
"name": "29650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29650"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1057", "ID": "CVE-2008-1057",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080225 008: RELIABILITY FIX: February 25, 2008", "description_data": [
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata42.html#008_ip6rthdr" "lang": "eng",
}, "value": "The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers."
{ }
"name" : "27965", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27965" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0660", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0660" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1019496", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1019496" ]
}, },
{ "references": {
"name" : "29078", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29078" "name": "27965",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/27965"
} },
} {
"name": "29078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29078"
},
{
"name": "ADV-2008-0660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0660"
},
{
"name": "1019496",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019496"
},
{
"name": "20080225 008: RELIABILITY FIX: February 25, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata42.html#008_ip6rthdr"
}
]
}
}


@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1482", "ID": "CVE-2008-1482",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080320 Multiple heap overflows in xine-lib 1.1.11", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489894/100/0/threaded" "lang": "eng",
}, "value": "Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c."
{ }
"name" : "http://aluigi.altervista.org/adv/xinehof-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/xinehof-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.org/poc/xinehof.zip", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/poc/xinehof.zip" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=438663", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=438663" ]
}, },
{ "references": {
"name" : "DSA-1586", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1586" "name": "ADV-2008-0981",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0981/references"
"name" : "FEDORA-2008-2849", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=438663",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=438663"
"name" : "FEDORA-2008-2945", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html" "name": "29622",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29622"
"name" : "GLSA-200808-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-01.xml" "name": "GLSA-200808-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-01.xml"
"name" : "MDVSA-2008:178", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178" "name": "SUSE-SR:2008:008",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
"name" : "SSA:2008-092-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137" "name": "3769",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3769"
"name" : "SUSE-SR:2008:008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" "name": "DSA-1586",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1586"
"name" : "USN-635-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-635-1" "name": "FEDORA-2008-2945",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html"
"name" : "28370", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28370" "name": "29484",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29484"
"name" : "30337", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30337" "name": "29756",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29756"
"name" : "ADV-2008-0981", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0981/references" "name": "29600",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29600"
"name" : "29484", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29484" "name": "29740",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29740"
"name" : "29600", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29600" "name": "31393",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31393"
"name" : "29740", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29740" "name": "MDVSA-2008:178",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:178"
"name" : "29756", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29756" "name": "http://aluigi.org/poc/xinehof.zip",
}, "refsource": "MISC",
{ "url": "http://aluigi.org/poc/xinehof.zip"
"name" : "29622", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29622" "name": "xinelib-multiple-bo(41350)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350"
"name" : "31372", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31372" "name": "FEDORA-2008-2849",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00157.html"
"name" : "31393", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31393" "name": "SSA:2008-092-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.441137"
"name" : "3769", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3769" "name": "28370",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28370"
"name" : "xinelib-multiple-bo(41350)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41350" "name": "20080320 Multiple heap overflows in xine-lib 1.1.11",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/489894/100/0/threaded"
} },
} {
"name": "http://aluigi.altervista.org/adv/xinehof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/xinehof-adv.txt"
},
{
"name": "31372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31372"
},
{
"name": "USN-635-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-635-1"
},
{
"name": "30337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30337"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1910", "ID": "CVE-2008-1910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080411 Borland InterBase 2007 \"ibserver.exe\" Buffer Overflow Vulnerability POC", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490752/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244."
{ }
"name" : "5427", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5427" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28730", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28730" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1019834", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1019834" ]
}, },
{ "references": {
"name" : "borland-ibserver-bo(41932)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41932" "name": "20080411 Borland InterBase 2007 \"ibserver.exe\" Buffer Overflow Vulnerability POC",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/490752/100/0/threaded"
} },
} {
"name": "borland-ibserver-bo(41932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41932"
},
{
"name": "5427",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5427"
},
{
"name": "28730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28730"
},
{
"name": "1019834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019834"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5222", "ID": "CVE-2008-5222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080529 dvbbs8.2(access/sql)version login.asp remote sql injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492753/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter."
{ }
"name" : "29429", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29429" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30455", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30455" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4635", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4635" ]
}, },
{ "references": {
"name" : "dvbbs-login-sql-injection(42731)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42731" "name": "30455",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30455"
} },
} {
"name": "dvbbs-login-sql-injection(42731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42731"
},
{
"name": "20080529 dvbbs8.2(access/sql)version login.asp remote sql injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492753/100/0/threaded"
},
{
"name": "29429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29429"
},
{
"name": "4635",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4635"
}
]
}
}
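Review bot: The `reference_data` array on the new side is emitted in a different order from the old side with no visible sort key: the old list ran BUGTRAQ, BID, SECUNIA, SREASON, XF and the new one runs SECUNIA, XF, BUGTRAQ, BID, SREASON, although the five entries themselves are unchanged. Array order is significant in JSON, so any consumer that hashes, signs or diffs these records sees a content change where only the serialisation moved, and a real edit to a reference becomes hard to spot among the shuffle. Emitting references in a deterministic order, for example sorted by `refsource` then `name`, would keep later syncs reviewable. The same reordering appears in the sections for CVE-2008-5268, CVE-2008-5678, CVE-2008-5764, CVE-2008-5983 and CVE-2013-0434.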


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5268", "ID": "CVE-2008-5268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493302/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter."
{ }
"name" : "5775", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5775" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29631", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29631" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4653", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4653" ]
}, },
{ "references": {
"name" : "aspportal-reply-sql-injection(42977)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977" "name": "4653",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4653"
} },
} {
"name": "5775",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5775"
},
{
"name": "20080612 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493302/100/0/threaded"
},
{
"name": "aspportal-reply-sql-injection(42977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42977"
},
{
"name": "29631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29631"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5611", "ID": "CVE-2008-5611",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5678", "ID": "CVE-2008-5678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6653", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6653" "lang": "eng",
}, "value": "Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files."
{ }
"name" : "31544", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31544" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4790", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4790" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "olib7webview-infile-file-include(45638)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45638" ]
} },
] "references": {
} "reference_data": [
} {
"name": "31544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31544"
},
{
"name": "4790",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4790"
},
{
"name": "olib7webview-infile-file-include(45638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45638"
},
{
"name": "6653",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6653"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5764", "ID": "CVE-2008-5764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7481", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7481" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter."
{ }
"name" : "32849", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32849" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50726", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50726" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33163", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33163" ]
}, },
{ "references": {
"name" : "4831", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4831" "name": "worksimple-calendar-file-include(47361)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47361"
"name" : "worksimple-calendar-file-include(47361)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47361" "name": "7481",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/7481"
} },
} {
"name": "33163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33163"
},
{
"name": "50726",
"refsource": "OSVDB",
"url": "http://osvdb.org/50726"
},
{
"name": "32849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32849"
},
{
"name": "4831",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4831"
}
]
}
}


@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5983", "ID": "CVE-2008-5983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html" "lang": "eng",
}, "value": "Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory."
{ }
"name" : "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd", ]
"refsource" : "MLIST", },
"url" : "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2009/01/28/5" ]
}, },
{ "references": {
"name" : "[oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/01/30/2" "name": "[debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory",
}, "refsource": "MLIST",
{ "url": "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=482814", },
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=482814" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=482814",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=482814"
"name" : "FEDORA-2010-9652", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html" "name": "FEDORA-2010-9652",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
"name" : "GLSA-200903-41", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200903-41.xml" "name": "51087",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51087"
"name" : "GLSA-200904-06", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200904-06.xml" "name": "[oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/01/30/2"
"name" : "RHSA-2011:0027", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0027.html" "name": "USN-1616-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1616-1"
"name" : "USN-1596-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1596-1" "name": "51040",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51040"
"name" : "USN-1613-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1613-2" "name": "GLSA-200903-41",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200903-41.xml"
"name" : "USN-1613-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1613-1" "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
"name" : "USN-1616-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1616-1" "name": "ADV-2010-1448",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1448"
"name" : "34522", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34522" "name": "50858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50858"
"name" : "40194", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40194" "name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
}, "refsource": "MLIST",
{ "url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
"name" : "42888", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42888" "name": "GLSA-200904-06",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200904-06.xml"
"name" : "50858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50858" "name": "ADV-2011-0122",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0122"
"name" : "51024", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51024" "name": "[oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/01/28/5"
"name" : "51040", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51040" "name": "34522",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34522"
"name" : "51087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51087" "name": "42888",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42888"
"name" : "ADV-2010-1448", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1448" "name": "USN-1596-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1596-1"
"name" : "ADV-2011-0122", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0122" "name": "40194",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/40194"
} },
} {
"name": "RHSA-2011:0027",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-0054", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-0054",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }
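Review bot: The new side of this record moves `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and puts `ID` before `ASSIGNER`, whereas the other records rewritten in this commit (for example the CVE-2008-5611 section) keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in that order. Key order carries no meaning in JSON, but two layouts coming out of the same sync suggest the records went through different serialisers, which makes byte-level comparison and checksum-based change detection noisy. Writing every record through one serialiser with a fixed key order would settle it, so that this record opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",` like its neighbours.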


@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0434", "ID": "CVE-2013-0434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information."
{ }
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "description": [
"refsource" : "CONFIRM", {
"url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b", ]
"refsource" : "CONFIRM", }
"url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "MDVSA-2013:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
"name" : "HPSBUX02864", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "SSRT101156",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "SSRT101156", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "TA13-032A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
"name" : "HPSBMU02874", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "RHSA-2013:0236",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
"name" : "HPSBUX02857", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "oval:org.mitre.oval:def:19430",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "VU#858729",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/858729"
"name" : "MDVSA-2013:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" "name": "SUSE-SU-2013:0478",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html"
"name" : "RHSA-2013:0236", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" "name": "RHSA-2013:0237",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
"name" : "RHSA-2013:0237", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "RHSA-2013:0245", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" "name": "RHSA-2013:0247",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html"
"name" : "RHSA-2013:0246", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" "name": "oval:org.mitre.oval:def:16528",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528"
"name" : "RHSA-2013:0247", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" "name": "oval:org.mitre.oval:def:19505",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "openSUSE-SU-2013:0312", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "openSUSE-SU-2013:0377", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" "name": "57730",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57730"
"name" : "SUSE-SU-2013:0478", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" "name": "openSUSE-SU-2013:0312",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html"
"name" : "TA13-032A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" "name": "oval:org.mitre.oval:def:19272",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272"
"name" : "VU#858729", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/858729" "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b",
}, "refsource": "CONFIRM",
{ "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b"
"name" : "57730", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57730" "name": "openSUSE-SU-2013:0377",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html"
"name" : "oval:org.mitre.oval:def:16528", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528" "name": "RHSA-2013:0246",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html"
"name" : "oval:org.mitre.oval:def:19272", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "oval:org.mitre.oval:def:19430", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430" "name": "HPSBUX02864",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "oval:org.mitre.oval:def:19505", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505" "name": "RHSA-2013:0245",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056"
}
]
}
}
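Review bot: The `ASSIGNER` value inside `CVE_data_meta` is the one field in this section whose content changes, from `cve@mitre.org` to `secalert_us@oracle.com`, and it sits inside a whole-file whitespace rewrite and reference shuffle under a commit titled only "-Synchronized-Data.". Anything that routes, filters or attributes records by assigner will treat this record differently after the sync, so the attribution change is easy to miss in review and deserves its own mention in the commit description, or a commit separate from the formatting pass. The following section, CVE-2013-0599, makes the same kind of change to `psirt@us.ibm.com`; that section continues past the part of the page visible here.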


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-0599", "ID": "CVE-2013-0599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637151", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637151" "lang": "eng",
}, "value": "IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code."
{ }
"name" : "60107", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/60107" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-iehs-cve20130599-info-disclosure(83613)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "60107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60107"
},
{
"name": "ibm-iehs-cve20130599-info-disclosure(83613)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83613"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637151"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-0631", "ID": "CVE-2013-0631",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/advisories/apsa13-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/advisories/apsa13-01.html" "lang": "eng",
}, "value": "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-03.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-03.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-03.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa13-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa13-01.html"
}
]
}
}


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-0744", "ID": "CVE-2013-0744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814713", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814713" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0144", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0144.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:0145", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0145.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2013:0048", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" "name": "oval:org.mitre.oval:def:17007",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007"
"name" : "SUSE-SU-2013:0049", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" "name": "SUSE-SU-2013:0048",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
"name" : "openSUSE-SU-2013:0131", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" "name": "openSUSE-SU-2013:0131",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
"name" : "openSUSE-SU-2013:0149", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" "name": "RHSA-2013:0145",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html"
"name" : "USN-1681-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1681-1" "name": "USN-1681-4",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1681-4"
"name" : "USN-1681-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1681-2" "name": "RHSA-2013:0144",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html"
"name" : "USN-1681-4", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1681-4" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814713",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814713"
"name" : "oval:org.mitre.oval:def:17007", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17007" "name": "SUSE-SU-2013:0049",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
} },
} {
"name": "USN-1681-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-05.html"
},
{
"name": "openSUSE-SU-2013:0149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name": "USN-1681-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-2"
}
]
}
}


@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-0749", "ID": "CVE-2013-0749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785358", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=785358" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794426", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=794426" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805745", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805745" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805814", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805814" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808481"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=808481", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=808481" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=816994"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=812847", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=812847" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814839"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814407", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814407" "name": "SUSE-SU-2013:0048",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814839", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=814839" "name": "openSUSE-SU-2013:0131",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=816994", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=816994" "name": "http://www.palemoon.org/releasenotes-ng.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.palemoon.org/releasenotes-ng.shtml"
"name" : "http://www.palemoon.org/releasenotes-ng.shtml", },
"refsource" : "CONFIRM", {
"url" : "http://www.palemoon.org/releasenotes-ng.shtml" "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-01.html"
"name" : "SUSE-SU-2013:0048", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" "name": "USN-1681-4",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1681-4"
"name" : "SUSE-SU-2013:0049", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" "name": "SUSE-SU-2013:0049",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
"name" : "openSUSE-SU-2013:0131", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" "name": "USN-1681-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1681-1"
"name" : "openSUSE-SU-2013:0149", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805814"
"name" : "USN-1681-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1681-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812847"
"name" : "USN-1681-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1681-2" "name": "openSUSE-SU-2013:0149",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
"name" : "USN-1681-4", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1681-4" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=794426"
"name" : "oval:org.mitre.oval:def:16953", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=785358"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805745"
},
{
"name": "USN-1681-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-2"
},
{
"name": "oval:org.mitre.oval:def:16953",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=814407"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-3024", "ID": "CVE-2013-3024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553" "lang": "eng",
}, "value": "IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362."
{ }
"name" : "was-cve20133024-priv-escalation(84362)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84362" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "was-cve20133024-priv-escalation(84362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84362"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?&uid=swg21639553"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3241", "ID": "CVE-2013-3241",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html" "lang": "eng",
}, "value": "export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request."
{ }
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3621", "ID": "CVE-2013-3621",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4386", "ID": "CVE-2013-4386",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.theforeman.org/issues/3160", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.theforeman.org/issues/3160" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter."
{ }
"name" : "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84", ]
"refsource" : "CONFIRM", },
"url" : "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1522", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1522.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/foreman-announce/GKMNXM66Z84"
},
{
"name": "http://projects.theforeman.org/issues/3160",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/3160"
},
{
"name": "RHSA-2013:1522",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1522.html"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4388", "ID": "CVE-2013-4388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130930 Re: CVE request: VLC", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/10/01/2" "lang": "eng",
}, "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
{ }
"name" : "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e", ]
"refsource" : "CONFIRM", },
"url" : "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.videolan.org/developers/vlc-branch/NEWS", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.videolan.org/developers/vlc-branch/NEWS" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "62724", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/62724" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:18086", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" "name": "oval:org.mitre.oval:def:18086",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086"
"name" : "1029120", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029120" "name": "59793",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59793"
"name" : "59793", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59793" "name": "http://www.videolan.org/developers/vlc-branch/NEWS",
} "refsource": "CONFIRM",
] "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
} },
} {
"name": "62724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62724"
},
{
"name": "[oss-security] 20130930 Re: CVE request: VLC",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/2"
},
{
"name": "1029120",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029120"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4562", "ID": "CVE-2013-4562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131112 CVE request: rubygem omniauth-facebook CSRF vurnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q4/264" "lang": "eng",
}, "value": "The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter."
{ }
"name" : "[oss-security] 20131112 Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2013/q4/267" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[ruby-security-ann] 20131114 [CVE-2013-4562] RubyGem omniauth-facebook CSRF vulnerability", "description": [
"refsource" : "MLIST", {
"url" : "https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://osvdb.org/ref/99/omniauth-facebook_gem.txt", ]
"refsource" : "MISC", }
"url" : "http://osvdb.org/ref/99/omniauth-facebook_gem.txt" ]
}, },
{ "references": {
"name" : "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7" "name": "[oss-security] 20131112 CVE request: rubygem omniauth-facebook CSRF vurnerability",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2013/q4/264"
"name" : "99693", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/99693" "name": "99693",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/99693"
} },
} {
"name": "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7",
"refsource": "CONFIRM",
"url": "https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7"
},
{
"name": "[ruby-security-ann] 20131114 [CVE-2013-4562] RubyGem omniauth-facebook CSRF vulnerability",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ"
},
{
"name": "http://osvdb.org/ref/99/omniauth-facebook_gem.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/99/omniauth-facebook_gem.txt"
},
{
"name": "[oss-security] 20131112 Re: Re: CVE request: rubygem omniauth-facebook CSRF vurnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/267"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2013-4835", "ID": "CVE-2013-4835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30473", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/30473" "lang": "eng",
}, "value": "The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765."
{ }
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMU02933", "description": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT101126", ]
"refsource" : "HP", }
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435" ]
} },
] "references": {
} "reference_data": [
} {
"name": "SSRT101126",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435"
},
{
"name": "30473",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30473"
},
{
"name": "HPSBMU02933",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435"
}
]
}
}


@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4932", "ID": "CVE-2013-4932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672" "lang": "eng",
}, "value": "Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html" ]
}, },
{ "references": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940" "name": "54371",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54371"
"name" : "https://www.wireshark.org/security/wnpa-sec-2013-50.html", },
"refsource" : "CONFIRM", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2013-50.html" "name": "openSUSE-SU-2013:1300",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html"
"name" : "DSA-2734", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2734" "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50672"
"name" : "GLSA-201308-05", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" "name": "54178",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54178"
"name" : "RHSA-2014:0341", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html" "name": "RHSA-2014:0341",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
"name" : "openSUSE-SU-2013:1295", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html" "name": "54425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54425"
"name" : "openSUSE-SU-2013:1300", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html" "name": "DSA-2734",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2734"
"name" : "oval:org.mitre.oval:def:17260", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17260" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html"
"name" : "54178", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54178" "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_a_common.c?r1=50672&r2=50671&pathrev=50672"
"name" : "54371", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54371" "name": "GLSA-201308-05",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"name" : "54296", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54296" "name": "oval:org.mitre.oval:def:17260",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17260"
"name" : "54425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54425" "name": "https://www.wireshark.org/security/wnpa-sec-2013-50.html",
} "refsource": "CONFIRM",
] "url": "https://www.wireshark.org/security/wnpa-sec-2013-50.html"
} },
} {
"name": "openSUSE-SU-2013:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html"
},
{
"name": "54296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54296"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8940"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2013-7203", "ID": "CVE-2013-7203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131223 Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3", "description_data": [
"refsource" : "MLIST", {
"url" : "https://marc.info/?l=oss-security&m=138783069700756&w=2" "lang": "eng",
}, "value": "gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup."
{ }
"name" : "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html", ]
"refsource" : "CONFIRM", },
"url" : "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2013-23953", "description": [
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125611.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html",
"refsource": "CONFIRM",
"url": "http://packetstormsecurity.com/files/149438/ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting.html"
},
{
"name": "FEDORA-2013-23953",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125611.html"
},
{
"name": "[oss-security] 20131223 Re: CVE Request: gitolite world writable files for fresh installs of v3.5.3",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security&m=138783069700756&w=2"
}
]
}
}
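Review bot: The `CONFIRM` reference kept in the new `reference_data` list of CVE-2013-7203 points at a Packet Storm page whose name is "ManageEngine-SupportCenter-Plus-8.1.0-Cross-Site-Scripting", which does not match this record's description (gitolite, file permissions that depend on the user umask when running gitolite setup). The entry is identical on the old side and is only reordered here, so this sync does not introduce it, but it also leaves it in place, and `"refsource": "CONFIRM"` presents it as vendor confirmation to anyone who triages from this record. I would remove that reference object, or retag it `"refsource": "MISC"` until the record is corrected at the source; of the remaining entries, the MLIST one is the one that visibly names gitolite.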


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7426", "ID": "CVE-2013-7426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150212 Re: kamailio: multiple /tmp file vulnerabilities", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/02/12/7" "lang": "eng",
}, "value": "Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1."
{ }
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100537", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100537" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150212 Re: kamailio: multiple /tmp file vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/12/7"
},
{
"name": "100537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100537"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712083"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10316", "ID": "CVE-2017-10316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Suite8", "product_name": "Hospitality Suite8",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.10.1" "version_value": "8.10.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.10.2" "version_value": "8.10.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "101346", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101346" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "101346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101346"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10751", "ID": "CVE-2017-10751",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12563", "ID": "CVE-2017-12563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/599", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/599" "lang": "eng",
}, "value": "In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service."
{ }
"name" : "USN-3681-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3681-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100153", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100153" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/599",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/599"
},
{
"name": "100153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100153"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12619", "ID": "CVE-2017-12619",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12850", "ID": "CVE-2017-12850",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae" "lang": "eng",
}, "value": "An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46."
{ }
"name" : "100352", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100352" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae",
"refsource": "CONFIRM",
"url": "https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae"
},
{
"name": "100352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100352"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12876", "ID": "CVE-2017-12876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170816 imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/08/16/3" "lang": "eng",
}, "value": "Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file."
{ }
"name" : "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/", ]
"refsource" : "MISC", },
"url" : "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201711-07", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201711-07" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/08/10/imagemagick-heap-based-buffer-overflow-in-omp_outlined-32-enhance-c/"
},
{
"name": "[oss-security] 20170816 imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/16/3"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e"
},
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13141", "ID": "CVE-2017-13141",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116" "lang": "eng",
}, "value": "In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c."
{ }
"name" : "https://github.com/ImageMagick/ImageMagick/issues/600", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/ImageMagick/ImageMagick/issues/600" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4019", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4019" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201711-07", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201711-07" ]
} },
] "references": {
} "reference_data": [
} {
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870116"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/600",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/600"
},
{
"name": "DSA-4019",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4019"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13664", "ID": "CVE-2017-13664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/", "description_data": [
"refsource" : "MISC", {
"url" : "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/" "lang": "eng",
} "value": "Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/",
"refsource": "MISC",
"url": "https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-13789", "ID": "CVE-2017-13789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208223", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208223" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
{ }
"name" : "1039706", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1039706" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039706"
},
{
"name": "https://support.apple.com/HT208223",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208223"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16326", "ID": "CVE-2017-16326",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16852", "ID": "CVE-2017-16852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1179-1] shibboleth-sp2 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html" "lang": "eng",
}, "value": "shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763."
{ }
"name" : "https://bugs.debian.org/881857", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.debian.org/881857" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://shibboleth.net/community/advisories/secadv_20171115.txt", ]
"refsource" : "CONFIRM", }
"url" : "https://shibboleth.net/community/advisories/secadv_20171115.txt" ]
}, },
{ "references": {
"name" : "DSA-4038", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4038" "name": "https://bugs.debian.org/881857",
} "refsource": "CONFIRM",
] "url": "https://bugs.debian.org/881857"
} },
} {
"name": "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16",
"refsource": "CONFIRM",
"url": "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16"
},
{
"name": "https://shibboleth.net/community/advisories/secadv_20171115.txt",
"refsource": "CONFIRM",
"url": "https://shibboleth.net/community/advisories/secadv_20171115.txt"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1179-1] shibboleth-sp2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html"
},
{
"name": "DSA-4038",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4038"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17006", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17006",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }
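Review bot: The new side of this record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while the other records reformatted in this commit keep `CVE_data_meta` first with its keys in alphabetical order. Key order carries no meaning in JSON, but a stable order keeps later diffs of these records small and makes a real content change easier to spot in review. Consider emitting this record with the same sorted key order as the rest; the REJECT record for CVE-2017-17268 further down has the same ordering.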


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17112", "ID": "CVE-2017-17112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1" "lang": "eng",
} "value": "ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1",
"refsource": "MISC",
"url": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17268", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17268",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17762", "ID": "CVE-2017-17762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa" "lang": "eng",
}, "value": "XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx."
{ }
"name" : "https://kryptera.se/sarbarhet-i-episerver/", ]
"refsource" : "MISC", },
"url" : "https://kryptera.se/sarbarhet-i-episerver/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa",
"refsource": "MISC",
"url": "https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa"
},
{
"name": "https://kryptera.se/sarbarhet-i-episerver/",
"refsource": "MISC",
"url": "https://kryptera.se/sarbarhet-i-episerver/"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17932", "ID": "CVE-2017-17932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43406", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43406/" "lang": "eng",
}, "value": "A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888."
{ }
"name" : "43407", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/43407/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43523", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43523/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "43523",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43523/"
},
{
"name": "43407",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43407/"
},
{
"name": "43406",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43406/"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18742", "ID": "CVE-2018-18742",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md" "lang": "eng",
} "value": "A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/SEMCMS/blob/master/CSRF.md"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18842", "ID": "CVE-2018-18842",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx" "lang": "eng",
}, "value": "CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code."
{ }
"name" : "https://github.com/zblogcn/zblogphp/issues/201", ]
"refsource" : "MISC", },
"url" : "https://github.com/zblogcn/zblogphp/issues/201" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx",
"refsource": "MISC",
"url": "https://github.com/zblogcn/zblogphp/files/2524853/CSRF.Vulnerability.exists.in.the.file.of.Z-BLOG.1.5.2.1935.docx"
},
{
"name": "https://github.com/zblogcn/zblogphp/issues/201",
"refsource": "MISC",
"url": "https://github.com/zblogcn/zblogphp/issues/201"
}
]
}
}


@ -1,112 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19407", "ID": "CVE-2018-19407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://lkml.org/lkml/2018/11/20/580", "description_data": [
"refsource" : "MISC", {
"url" : "https://lkml.org/lkml/2018/11/20/580" "lang": "eng",
}, "value": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized."
{ }
"name" : "USN-3871-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3871-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3872-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3872-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3871-3", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3871-3/" ]
}, },
{ "references": {
"name" : "USN-3871-4", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-4/" "name": "USN-3879-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3879-2/"
"name" : "USN-3878-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3878-1/" "name": "USN-3872-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3872-1/"
"name" : "USN-3879-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3879-1/" "name": "USN-3878-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3878-1/"
"name" : "USN-3879-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3879-2/" "name": "USN-3879-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3879-1/"
"name" : "USN-3871-5", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-5/" "name": "USN-3871-5",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3871-5/"
"name" : "USN-3878-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3878-2/" "name": "USN-3878-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3878-2/"
"name" : "105987", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105987" "name": "USN-3871-4",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3871-4/"
} },
} {
"name": "105987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105987"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "https://lkml.org/lkml/2018/11/20/580",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2018/11/20/580"
}
]
}
}
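Review bot: The reference added for the Debian LTS announcement (DLA 1715-1) lists `refsource` before `name`, whereas every other entry in `reference_data` is written as `name`, `refsource`, `url`. Parsers do not care, but the mixed order suggests the entry came from a different writer than the one that produced the rest of the file, and it will show up as noise the next time the record is normalised. The addition is also the only content change in this section; because the existing references are reordered at the same time, it is hard to see in the diff, so keeping the existing order and appending the new entry would make the change reviewable.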


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19505", "ID": "CVE-2018-19505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181127 CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Nov/62" "lang": "eng",
}, "value": "Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call."
{ }
"name" : "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1042177", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1042177" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1042177",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042177"
},
{
"name": "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150492/BMC-Remedy-7.1-User-Impersonation.html"
},
{
"name": "20181127 CVE-2018-19505 - Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Nov/62"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19531", "ID": "CVE-2018-19531",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/httl/httl/issues/224", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/httl/httl/issues/224" "lang": "eng",
} "value": "HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/httl/httl/issues/224",
"refsource": "MISC",
"url": "https://github.com/httl/httl/issues/224"
}
]
}
}


@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@suse.de", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2019-02-21T00:00:00.000Z", "DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
"ID" : "CVE-2018-19637", "ID": "CVE-2018-19637",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Static temporary filename allows overwriting of files" "TITLE": "Static temporary filename allows overwriting of files"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "supportutils", "product_name": "supportutils",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "3.1-5.7.1" "version_value": "3.1-5.7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SUSE" "vendor_name": "SUSE"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Vítězslav Čížek of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection"
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.8,
"baseSeverity" : "LOW",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-377"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "V\u00edt\u011bzslav \u010c\u00ed\u017eek of SUSE"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1117776", }
"refsource" : "CONFIRM", ],
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1117776" "data_format": "MITRE",
} "data_type": "CVE",
] "data_version": "4.0",
}, "description": {
"source" : { "description_data": [
"advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1117776", {
"defect" : [ "lang": "eng",
"1117776" "value": "Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection"
], }
"discovery" : "INTERNAL" ]
} },
} "impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1117776",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117776"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117776",
"defect": [
"1117776"
],
"discovery": "INTERNAL"
}
}
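Review bot: `ASSIGNER` changes from `security@suse.de` to `security@suse.com` on the new side, which is a content change inside a section whose other edits are spacing only. It is worth confirming that the new address is the intended CNA contact and mentioning the change in the commit description, since consumers that key on the assigner string will see this record move. The `credit` value is now written with `\u` escapes (`V\u00edt\u011bzslav \u010c\u00ed\u017eek`); it decodes to the same name, so JSON parsers are unaffected, but tools that compare or hash the raw file text will report a difference.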


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-04-16T00:00:00", "DATE_PUBLIC": "2018-04-16T00:00:00",
"ID" : "CVE-2018-1144", "ID": "CVE-2018-1144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)", "product_name": "N750 DB Wi-Fi Dual-Band N+ Gigabit Router (F9K1103)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Firmware 1.10.22?" "version_value": "Firmware 1.10.22?"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Belkin" "vendor_name": "Belkin"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2018-08", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2018-08" "lang": "eng",
} "value": "A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-08",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-08"
}
]
}
}


@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-01-30T00:00:00", "DATE_PUBLIC": "2018-01-30T00:00:00",
"ID" : "CVE-2018-1196", "ID": "CVE-2018-1196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Spring Boot", "product_name": "Spring Boot",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.5.0 - 1.5.9" "version_value": "1.5.0 - 1.5.9"
}, },
{ {
"version_value" : "2.0.0.M1 - 2.0.0.M7" "version_value": "2.0.0.M1 - 2.0.0.M7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the \"run_user\" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the \"run_user\" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "privilege escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pivotal.io/security/cve-2018-1196", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://pivotal.io/security/cve-2018-1196" "lang": "eng",
} "value": "Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the \"run_user\" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the \"run_user\" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-1196",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1196"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2018-1671", "ID": "CVE-2018-1671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10739019", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10739019" "lang": "eng",
}, "value": "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951."
{ }
"name" : "106202", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106202" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-curam-cve20181671-html-injection(144951)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10739019",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019"
},
{
"name": "ibm-curam-cve20181671-html-injection(144951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951"
},
{
"name": "106202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106202"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-11-07T00:00:00", "DATE_PUBLIC": "2018-11-07T00:00:00",
"ID" : "CVE-2018-1802", "ID": "CVE-2018-1802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DB2 for Linux, UNIX and Windows", "product_name": "DB2 for Linux, UNIX and Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.5" "version_value": "10.5"
}, },
{ {
"version_value" : "10.1" "version_value": "10.1"
}, },
{ {
"version_value" : "9.7" "version_value": "9.7"
}, },
{ {
"version_value" : "11.1" "version_value": "11.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "8.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10733122", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10733122" "lang": "eng",
}, "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640."
{ }
"name" : "105962", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105962" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "1042082", "A": "H",
"refsource" : "SECTRACK", "AC": "L",
"url" : "http://www.securitytracker.com/id/1042082" "AV": "L",
}, "C": "H",
{ "I": "H",
"name" : "ibm-db2-cve20181802-priv-escalation(149640)", "PR": "N",
"refsource" : "XF", "S": "U",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640" "SCORE": "8.400",
} "UI": "N"
] },
} "TM": {
} "E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105962"
},
{
"name": "ibm-db2-cve20181802-priv-escalation(149640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149640"
},
{
"name": "1042082",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042082"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10733122",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10733122"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-5040", "ID": "CVE-2018-5040",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "1041250", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041250" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
}
]
}
}


@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-05-30T00:00:00", "DATE_PUBLIC": "2018-05-30T00:00:00",
"ID" : "CVE-2018-5525", "ID": "CVE-2018-5525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0.0" "version_value": "13.0.0"
}, },
{ {
"version_value" : "12.1.0-12.1.2" "version_value": "12.1.0-12.1.2"
}, },
{ {
"version_value" : "11.6.1-11.6.3.1" "version_value": "11.6.1-11.6.3.1"
}, },
{ {
"version_value" : "11.5.1-11.5.5" "version_value": "11.5.1-11.5.5"
}, },
{ {
"version_value" : "11.2.1" "version_value": "11.2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data leak"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K00363258", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K00363258" "lang": "eng",
}, "value": "A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data."
{ }
"name" : "1041018", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041018" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Data leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K00363258",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K00363258"
},
{
"name": "1041018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041018"
}
]
}
}