admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:44:24 +00:00
parent 3f63c473eb
commit c2d3000c2b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3959 additions and 3917 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2004/0xxx/CVE-2004-0395.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0395", "ID": "CVE-2004-0395",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call." "value": "The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "DSA-509", "name": "DSA-509",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-509" "url": "http://www.debian.org/security/2004/dsa-509"
}, },
{ {
"name" : "10437", "name": "gatos-xatitv-gain-privileges(16273)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/10437" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16273"
}, },
{ {
"name" : "gatos-xatitv-gain-privileges(16273)", "name": "10437",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16273" "url": "http://www.securityfocus.com/bid/10437"
} }
] ]
} }

74
2004/0xxx/CVE-2004-0875.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0875", "ID": "CVE-2004-0875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module." "value": "Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "GLSA-200409-22", "name": "http://downloads.phpgroupware.org/changelog",
"refsource" : "GENTOO", "refsource": "CONFIRM",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-22.xml" "url": "http://downloads.phpgroupware.org/changelog"
}, },
{ {
"name" : "http://downloads.phpgroupware.org/changelog", "name": "GLSA-200409-22",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "http://downloads.phpgroupware.org/changelog" "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-22.xml"
}, },
{ {
"name" : "phpgroupware-xss(17289)", "name": "phpgroupware-xss(17289)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17289" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17289"
} }
] ]
} }

80
2004/1xxx/CVE-2004-1090.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1090", "ID": "CVE-2004-1090",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via \"a corrupt section header.\"" "value": "Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via \"a corrupt section header.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "DSA-639", "name": "midnight-commander-section-dos(18907)",
"refsource" : "DEBIAN", "refsource": "XF",
"url" : "http://www.debian.org/security/2005/dsa-639" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18907"
}, },
{ {
"name" : "RHSA-2005:512", "name": "13863",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-512.html" "url": "http://secunia.com/advisories/13863/"
}, },
{ {
"name" : "13863", "name": "DSA-639",
"refsource" : "SECUNIA", "refsource": "DEBIAN",
"url" : "http://secunia.com/advisories/13863/" "url": "http://www.debian.org/security/2005/dsa-639"
}, },
{ {
"name" : "midnight-commander-section-dos(18907)", "name": "RHSA-2005:512",
"refsource" : "XF", "refsource": "REDHAT",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18907" "url": "http://www.redhat.com/support/errata/RHSA-2005-512.html"
} }
] ]
} }

86
2004/1xxx/CVE-2004-1175.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1175", "ID": "CVE-2004-1175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "fish.c in midnight commander allows remote attackers to execute arbitrary programs via \"insecure filename quoting,\" possibly using shell metacharacters." "value": "fish.c in midnight commander allows remote attackers to execute arbitrary programs via \"insecure filename quoting,\" possibly using shell metacharacters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "DSA-639", "name": "midnight-commander-command-execution(18906)",
"refsource" : "DEBIAN", "refsource": "XF",
"url" : "http://www.debian.org/security/2005/dsa-639" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18906"
}, },
{ {
"name" : "RHSA-2005:512", "name": "13863",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-512.html" "url": "http://secunia.com/advisories/13863/"
}, },
{ {
"name" : "1012903", "name": "1012903",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://securitytracker.com/id?1012903" "url": "http://securitytracker.com/id?1012903"
}, },
{ {
"name" : "13863", "name": "DSA-639",
"refsource" : "SECUNIA", "refsource": "DEBIAN",
"url" : "http://secunia.com/advisories/13863/" "url": "http://www.debian.org/security/2005/dsa-639"
}, },
{ {
"name" : "midnight-commander-command-execution(18906)", "name": "RHSA-2005:512",
"refsource" : "XF", "refsource": "REDHAT",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18906" "url": "http://www.redhat.com/support/errata/RHSA-2005-512.html"
} }
] ]
} }

74
2004/1xxx/CVE-2004-1459.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1459", "ID": "CVE-2004-1459",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests." "value": "Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server", "name": "11047",
"refsource" : "CISCO", "refsource": "BID",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml" "url": "http://www.securityfocus.com/bid/11047"
}, },
{ {
"name" : "11047", "name": "ciscosecure-leap-radius-dos(17116)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/11047" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116"
}, },
{ {
"name" : "ciscosecure-leap-radius-dos(17116)", "name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource" : "XF", "refsource": "CISCO",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116" "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
} }
] ]
} }

80
2004/1xxx/CVE-2004-1671.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1671", "ID": "CVE-2004-1671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html." "value": "Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7", "name": "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109483971420067&w=2" "url": "http://marc.info/?l=bugtraq&m=109483971420067&w=2"
}, },
{ {
"name" : "11371", "name": "12789",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/11371" "url": "http://secunia.com/advisories/12789"
}, },
{ {
"name" : "12789", "name": "merak-icewarp-path-disclosure(17315)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/12789" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17315"
}, },
{ {
"name" : "merak-icewarp-path-disclosure(17315)", "name": "11371",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17315" "url": "http://www.securityfocus.com/bid/11371"
} }
] ]
} }

158
2008/0xxx/CVE-2008-0807.json
View File

@ -1,141 +1,141 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0807", "ID": "CVE-2008-0807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book." "value": "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[announce] 20080215 Horde Groupware 1.0.4 (final)", "name": "29186",
"refsource" : "MLIST", "refsource": "SECUNIA",
"url" : "http://lists.horde.org/archives/announce/2008/000380.html" "url": "http://secunia.com/advisories/29186"
}, },
{ {
"name" : "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)", "name": "[announce] 20080215 Horde Groupware Webmail Edition 1.0.5 (final)",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://lists.horde.org/archives/announce/2008/000381.html" "url": "http://lists.horde.org/archives/announce/2008/000381.html"
}, },
{ {
"name" : "[announce] 20080215 Turba H3 (2.2-RC3)", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=432027",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "http://lists.horde.org/archives/announce/2008/000379.html" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027"
}, },
{ {
"name" : "[announce] 20080215 Turba H3 (2.1.7) (final)", "name": "FEDORA-2008-2087",
"refsource" : "MLIST", "refsource": "FEDORA",
"url" : "http://lists.horde.org/archives/announce/2008/000378.html" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html"
}, },
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058", "name": "27844",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058" "url": "http://www.securityfocus.com/bid/27844"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=432027", "name": "DSA-1507",
"refsource" : "CONFIRM", "refsource": "DEBIAN",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=432027" "url": "http://www.debian.org/security/2008/dsa-1507"
}, },
{ {
"name" : "DSA-1507", "name": "28982",
"refsource" : "DEBIAN", "refsource": "SECUNIA",
"url" : "http://www.debian.org/security/2008/dsa-1507" "url": "http://secunia.com/advisories/28982"
}, },
{ {
"name" : "FEDORA-2008-2040", "name": "29071",
"refsource" : "FEDORA", "refsource": "SECUNIA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html" "url": "http://secunia.com/advisories/29071"
}, },
{ {
"name" : "FEDORA-2008-2087", "name": "[announce] 20080215 Turba H3 (2.1.7) (final)",
"refsource" : "FEDORA", "refsource": "MLIST",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html" "url": "http://lists.horde.org/archives/announce/2008/000378.html"
}, },
{ {
"name" : "27844", "name": "ADV-2008-0593",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/27844" "url": "http://www.vupen.com/english/advisories/2008/0593/references"
}, },
{ {
"name" : "ADV-2008-0593", "name": "[announce] 20080215 Turba H3 (2.2-RC3)",
"refsource" : "VUPEN", "refsource": "MLIST",
"url" : "http://www.vupen.com/english/advisories/2008/0593/references" "url": "http://lists.horde.org/archives/announce/2008/000379.html"
}, },
{ {
"name" : "1019433", "name": "29185",
"refsource" : "SECTRACK", "refsource": "SECUNIA",
"url" : "http://www.securitytracker.com/id?1019433" "url": "http://secunia.com/advisories/29185"
}, },
{ {
"name" : "28982", "name": "[announce] 20080215 Horde Groupware 1.0.4 (final)",
"refsource" : "SECUNIA", "refsource": "MLIST",
"url" : "http://secunia.com/advisories/28982" "url": "http://lists.horde.org/archives/announce/2008/000380.html"
}, },
{ {
"name" : "29071", "name": "1019433",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/29071" "url": "http://www.securitytracker.com/id?1019433"
}, },
{ {
"name" : "29184", "name": "29184",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/29184" "url": "http://secunia.com/advisories/29184"
}, },
{ {
"name" : "29185", "name": "FEDORA-2008-2040",
"refsource" : "SECUNIA", "refsource": "FEDORA",
"url" : "http://secunia.com/advisories/29185" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html"
}, },
{ {
"name" : "29186", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/29186" "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058"
} }
] ]
} }

74
2008/3xxx/CVE-2008-3061.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3061", "ID": "CVE-2008-3061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter." "value": "Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://osvdb.org/ref/48/48-v-webmail.txt", "name": "http://osvdb.org/ref/48/48-v-webmail.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://osvdb.org/ref/48/48-v-webmail.txt" "url": "http://osvdb.org/ref/48/48-v-webmail.txt"
}, },
{ {
"name" : "48796", "name": "vwebmail-redirect-phishing(45855)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://www.osvdb.org/48796" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45855"
}, },
{ {
"name" : "vwebmail-redirect-phishing(45855)", "name": "48796",
"refsource" : "XF", "refsource": "OSVDB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45855" "url": "http://www.osvdb.org/48796"
} }
] ]
} }

74
2008/3xxx/CVE-2008-3354.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3354", "ID": "CVE-2008-3354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." "value": "Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.securityfocus.com/bid/30331/exploit", "name": "30331",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/30331/exploit" "url": "http://www.securityfocus.com/bid/30331"
}, },
{ {
"name" : "30331", "name": "runcms-votepolls-file-include(43969)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/30331" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43969"
}, },
{ {
"name" : "runcms-votepolls-file-include(43969)", "name": "http://www.securityfocus.com/bid/30331/exploit",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43969" "url": "http://www.securityfocus.com/bid/30331/exploit"
} }
] ]
} }

86
2008/3xxx/CVE-2008-3388.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3388", "ID": "CVE-2008-3388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php." "value": "Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080718 Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities", "name": "30289",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/494534/100/0/threaded" "url": "http://www.securityfocus.com/bid/30289"
}, },
{ {
"name" : "30289", "name": "20080718 Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/30289" "url": "http://www.securityfocus.com/archive/1/494534/100/0/threaded"
}, },
{ {
"name" : "31174", "name": "4079",
"refsource" : "SECUNIA", "refsource": "SREASON",
"url" : "http://secunia.com/advisories/31174" "url": "http://securityreason.com/securityalert/4079"
}, },
{ {
"name" : "4079", "name": "31174",
"refsource" : "SREASON", "refsource": "SECUNIA",
"url" : "http://securityreason.com/securityalert/4079" "url": "http://secunia.com/advisories/31174"
}, },
{ {
"name" : "defblog-comaddok-comlook-sql-injection(43909)", "name": "defblog-comaddok-comlook-sql-injection(43909)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43909" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43909"
} }
] ]
} }

128
2008/3xxx/CVE-2008-3823.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3823", "ID": "CVE-2008-3823",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message." "value": "Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)", "name": "horde-mime-xss(45030)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://www.securityfocus.com/archive/1/496182/100/0/threaded" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030"
}, },
{ {
"name" : "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)", "name": "31842",
"refsource" : "MLIST", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=horde-announce&m=122104360019867&w=2" "url": "http://secunia.com/advisories/31842"
}, },
{ {
"name" : "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)", "name": "DSA-1642",
"refsource" : "MLIST", "refsource": "DEBIAN",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/10/1" "url": "http://www.debian.org/security/2008/dsa-1642"
}, },
{ {
"name" : "http://ocert.org/patches/2008-012/MIME.patch", "name": "ADV-2008-2548",
"refsource" : "MISC", "refsource": "VUPEN",
"url" : "http://ocert.org/patches/2008-012/MIME.patch" "url": "http://www.vupen.com/english/advisories/2008/2548"
}, },
{ {
"name" : "http://www.ocert.org/advisories/ocert-2008-012.html", "name": "31959",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://www.ocert.org/advisories/ocert-2008-012.html" "url": "http://secunia.com/advisories/31959"
}, },
{ {
"name" : "DSA-1642", "name": "http://ocert.org/patches/2008-012/MIME.patch",
"refsource" : "DEBIAN", "refsource": "MISC",
"url" : "http://www.debian.org/security/2008/dsa-1642" "url": "http://ocert.org/patches/2008-012/MIME.patch"
}, },
{ {
"name" : "31110", "name": "[horde-announce] 20080910 [SECURITY] Horde 3.2.2 (final)",
"refsource" : "BID", "refsource": "MLIST",
"url" : "http://www.securityfocus.com/bid/31110" "url": "http://marc.info/?l=horde-announce&m=122104360019867&w=2"
}, },
{ {
"name" : "ADV-2008-2548", "name": "31110",
"refsource" : "VUPEN", "refsource": "BID",
"url" : "http://www.vupen.com/english/advisories/2008/2548" "url": "http://www.securityfocus.com/bid/31110"
}, },
{ {
"name" : "31842", "name": "20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"refsource" : "SECUNIA", "refsource": "BUGTRAQ",
"url" : "http://secunia.com/advisories/31842" "url": "http://www.securityfocus.com/archive/1/496182/100/0/threaded"
}, },
{ {
"name" : "31959", "name": "4245",
"refsource" : "SECUNIA", "refsource": "SREASON",
"url" : "http://secunia.com/advisories/31959" "url": "http://securityreason.com/securityalert/4245"
}, },
{ {
"name" : "4245", "name": "[oss-security] 20080910 [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)",
"refsource" : "SREASON", "refsource": "MLIST",
"url" : "http://securityreason.com/securityalert/4245" "url": "http://www.openwall.com/lists/oss-security/2008/09/10/1"
}, },
{ {
"name" : "horde-mime-xss(45030)", "name": "http://www.ocert.org/advisories/ocert-2008-012.html",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45030" "url": "http://www.ocert.org/advisories/ocert-2008-012.html"
} }
] ]
} }

98
2008/4xxx/CVE-2008-4103.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4103", "ID": "CVE-2008-4103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam." "value": "The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20080911 CVE request for Joomla multiple vuln.", "name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122118210029084&w=2" "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"
}, },
{ {
"name" : "[oss-security] 20080911 CVE request: joomla < 1.5.7", "name": "31789",
"refsource" : "MLIST", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=oss-security&m=122115344915232&w=2" "url": "http://secunia.com/advisories/31789"
}, },
{ {
"name" : "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", "name": "http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "http://marc.info/?l=oss-security&m=122152798516853&w=2" "url": "http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html"
}, },
{ {
"name" : "http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html", "name": "[oss-security] 20080911 CVE request: joomla < 1.5.7",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html" "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"
}, },
{ {
"name" : "31789", "name": "4275",
"refsource" : "SECUNIA", "refsource": "SREASON",
"url" : "http://secunia.com/advisories/31789" "url": "http://securityreason.com/securityalert/4275"
}, },
{ {
"name" : "4275", "name": "mailto-joomla-mail-relay(45070)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/4275" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45070"
}, },
{ {
"name" : "mailto-joomla-mail-relay(45070)", "name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource" : "XF", "refsource": "MLIST",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45070" "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"
} }
] ]
} }

158
2008/4xxx/CVE-2008-4694.json
View File

@ -1,141 +1,141 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4694", "ID": "CVE-2008-4694",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL." "value": "Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20081021 CVE Request: Opera 9.60 with security fixes", "name": "32394",
"refsource" : "MLIST", "refsource": "SECUNIA",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/21/5" "url": "http://secunia.com/advisories/32394"
}, },
{ {
"name" : "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes", "name": "32538",
"refsource" : "MLIST", "refsource": "SECUNIA",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/22/5" "url": "http://secunia.com/advisories/32538"
}, },
{ {
"name" : "http://www.opera.com/docs/changelogs/freebsd/960/", "name": "http://www.opera.com/docs/changelogs/solaris/960/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/freebsd/960/" "url": "http://www.opera.com/docs/changelogs/solaris/960/"
}, },
{ {
"name" : "http://www.opera.com/docs/changelogs/linux/960/", "name": "[oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://www.opera.com/docs/changelogs/linux/960/" "url": "http://www.openwall.com/lists/oss-security/2008/10/22/5"
}, },
{ {
"name" : "http://www.opera.com/docs/changelogs/mac/960/", "name": "1021016",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://www.opera.com/docs/changelogs/mac/960/" "url": "http://securitytracker.com/id?1021016"
}, },
{ {
"name" : "http://www.opera.com/docs/changelogs/solaris/960/", "name": "[oss-security] 20081021 CVE Request: Opera 9.60 with security fixes",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://www.opera.com/docs/changelogs/solaris/960/" "url": "http://www.openwall.com/lists/oss-security/2008/10/21/5"
}, },
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/960/", "name": "32177",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www.opera.com/docs/changelogs/windows/960/" "url": "http://secunia.com/advisories/32177"
}, },
{ {
"name" : "http://www.opera.com/support/search/view/901/", "name": "http://www.opera.com/docs/changelogs/windows/960/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.opera.com/support/search/view/901/" "url": "http://www.opera.com/docs/changelogs/windows/960/"
}, },
{ {
"name" : "GLSA-200811-01", "name": "opera-redirect-code-execution(45722)",
"refsource" : "GENTOO", "refsource": "XF",
"url" : "http://security.gentoo.org/glsa/glsa-200811-01.xml" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45722"
}, },
{ {
"name" : "SUSE-SR:2008:022", "name": "31631",
"refsource" : "SUSE", "refsource": "BID",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html" "url": "http://www.securityfocus.com/bid/31631"
}, },
{ {
"name" : "31631", "name": "SUSE-SR:2008:022",
"refsource" : "BID", "refsource": "SUSE",
"url" : "http://www.securityfocus.com/bid/31631" "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html"
}, },
{ {
"name" : "32538", "name": "http://www.opera.com/docs/changelogs/linux/960/",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/32538" "url": "http://www.opera.com/docs/changelogs/linux/960/"
}, },
{ {
"name" : "ADV-2008-2765", "name": "http://www.opera.com/docs/changelogs/mac/960/",
"refsource" : "VUPEN", "refsource": "CONFIRM",
"url" : "http://www.vupen.com/english/advisories/2008/2765" "url": "http://www.opera.com/docs/changelogs/mac/960/"
}, },
{ {
"name" : "1021016", "name": "ADV-2008-2765",
"refsource" : "SECTRACK", "refsource": "VUPEN",
"url" : "http://securitytracker.com/id?1021016" "url": "http://www.vupen.com/english/advisories/2008/2765"
}, },
{ {
"name" : "32177", "name": "http://www.opera.com/support/search/view/901/",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/32177" "url": "http://www.opera.com/support/search/view/901/"
}, },
{ {
"name" : "32394", "name": "http://www.opera.com/docs/changelogs/freebsd/960/",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/32394" "url": "http://www.opera.com/docs/changelogs/freebsd/960/"
}, },
{ {
"name" : "opera-redirect-code-execution(45722)", "name": "GLSA-200811-01",
"refsource" : "XF", "refsource": "GENTOO",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45722" "url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"
} }
] ]
} }

86
2008/4xxx/CVE-2008-4885.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4885", "ID": "CVE-2008-4885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter." "value": "SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6942", "name": "49597",
"refsource" : "EXPLOIT-DB", "refsource": "OSVDB",
"url" : "https://www.exploit-db.com/exploits/6942" "url": "http://osvdb.org/49597"
}, },
{ {
"name" : "32060", "name": "6942",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/32060" "url": "https://www.exploit-db.com/exploits/6942"
}, },
{ {
"name" : "49597", "name": "32060",
"refsource" : "OSVDB", "refsource": "BID",
"url" : "http://osvdb.org/49597" "url": "http://www.securityfocus.com/bid/32060"
}, },
{ {
"name" : "4541", "name": "4541",
"refsource" : "SREASON", "refsource": "SREASON",
"url" : "http://securityreason.com/securityalert/4541" "url": "http://securityreason.com/securityalert/4541"
}, },
{ {
"name" : "ADV-2008-2983", "name": "ADV-2008-2983",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2983" "url": "http://www.vupen.com/english/advisories/2008/2983"
} }
] ]
} }

80
2008/6xxx/CVE-2008-6428.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6428", "ID": "CVE-2008-6428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors." "value": "The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://kayalang.org/about/news", "name": "45882",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://kayalang.org/about/news" "url": "http://osvdb.org/45882"
}, },
{ {
"name" : "45882", "name": "kaya-cgiframework-header-injection(42774)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/45882" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42774"
}, },
{ {
"name" : "30466", "name": "30466",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/30466" "url": "http://secunia.com/advisories/30466"
}, },
{ {
"name" : "kaya-cgiframework-header-injection(42774)", "name": "http://kayalang.org/about/news",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42774" "url": "http://kayalang.org/about/news"
} }
] ]
} }

74
2008/6xxx/CVE-2008-6529.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6529", "ID": "CVE-2008-6529",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter." "value": "Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7408", "name": "32761",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/7408" "url": "http://www.securityfocus.com/bid/32761"
}, },
{ {
"name" : "32761", "name": "livinglocal-listtest-xss(47214)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/32761" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47214"
}, },
{ {
"name" : "livinglocal-listtest-xss(47214)", "name": "7408",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47214" "url": "https://www.exploit-db.com/exploits/7408"
} }
] ]
} }

74
2008/6xxx/CVE-2008-6851.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6851", "ID": "CVE-2008-6851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter." "value": "SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7558", "name": "32989",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/7558" "url": "http://www.securityfocus.com/bid/32989"
}, },
{ {
"name" : "32989", "name": "phpld-page-sql-injection(47580)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/32989" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47580"
}, },
{ {
"name" : "phpld-page-sql-injection(47580)", "name": "7558",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47580" "url": "https://www.exploit-db.com/exploits/7558"
} }
] ]
} }

62
2013/2xxx/CVE-2013-2144.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2144", "ID": "CVE-2013-2144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot." "value": "Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "RHSA-2013:0888", "name": "RHSA-2013:0888",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0888.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0888.html"
} }
] ]
} }

86
2013/2xxx/CVE-2013-2376.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2376", "ID": "CVE-2013-2376",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure." "value": "Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "name": "53372",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" "url": "http://secunia.com/advisories/53372"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "name": "GLSA-201308-06",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}, },
{ {
"name" : "GLSA-201308-06", "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "GENTOO", "refsource": "CONFIRM",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
}, },
{ {
"name" : "MDVSA-2013:150", "name": "MDVSA-2013:150",
"refsource" : "MANDRIVA", "refsource": "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}, },
{ {
"name" : "53372", "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/53372" "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
} }
] ]
} }

278
2013/2xxx/CVE-2013-2384.json
View File

@ -1,241 +1,241 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2384", "ID": "CVE-2013-2384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font layout\" in the International Components for Unicode (ICU) Layout Engine before 51.2." "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font layout\" in the International Components for Unicode (ICU) Layout Engine before 51.2."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952709",
"refsource" : "MLIST", "refsource": "MISC",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952709"
}, },
{ {
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7", "name": "SUSE-SU-2013:0835",
"refsource" : "MISC", "refsource": "SUSE",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952709", "name": "GLSA-201406-32",
"refsource" : "MISC", "refsource": "GENTOO",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952709" "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
}, },
{ {
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", "name": "SUSE-SU-2013:0871",
"refsource" : "CONFIRM", "refsource": "SUSE",
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
}, },
{ {
"name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", "name": "RHSA-2013:0758",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
}, },
{ {
"name" : "http://bugs.icu-project.org/trac/ticket/10107", "name": "http://site.icu-project.org/download/51#TOC-Known-Issues",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://bugs.icu-project.org/trac/ticket/10107" "url": "http://site.icu-project.org/download/51#TOC-Known-Issues"
}, },
{ {
"name" : "http://site.icu-project.org/download/51#TOC-Known-Issues", "name": "APPLE-SA-2013-04-16-2",
"refsource" : "CONFIRM", "refsource": "APPLE",
"url" : "http://site.icu-project.org/download/51#TOC-Known-Issues" "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
}, },
{ {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", "name": "MDVSA-2013:145",
"refsource" : "CONFIRM", "refsource": "MANDRIVA",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
}, },
{ {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", "name": "TA13-107A",
"refsource" : "CONFIRM", "refsource": "CERT",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7"
}, },
{ {
"name" : "APPLE-SA-2013-04-16-2", "name": "SSRT101252",
"refsource" : "APPLE", "refsource": "HP",
"url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
}, },
{ {
"name" : "GLSA-201406-32", "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource" : "GENTOO", "refsource": "CONFIRM",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
}, },
{ {
"name" : "HPSBUX02889", "name": "RHSA-2013:1455",
"refsource" : "HP", "refsource": "REDHAT",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
}, },
{ {
"name" : "SSRT101252", "name": "oval:org.mitre.oval:def:19549",
"refsource" : "HP", "refsource": "OVAL",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19549"
}, },
{ {
"name" : "HPSBUX02922", "name": "SSRT101305",
"refsource" : "HP", "refsource": "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
}, },
{ {
"name" : "SSRT101305", "name": "RHSA-2013:0757",
"refsource" : "HP", "refsource": "REDHAT",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
}, },
{ {
"name" : "MDVSA-2013:145", "name": "HPSBUX02922",
"refsource" : "MANDRIVA", "refsource": "HP",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
}, },
{ {
"name" : "MDVSA-2013:161", "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource" : "MANDRIVA", "refsource": "CONFIRM",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
}, },
{ {
"name" : "RHSA-2013:0752", "name": "openSUSE-SU-2013:0777",
"refsource" : "REDHAT", "refsource": "SUSE",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
}, },
{ {
"name" : "RHSA-2013:0757", "name": "MDVSA-2013:161",
"refsource" : "REDHAT", "refsource": "MANDRIVA",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
}, },
{ {
"name" : "RHSA-2013:0758", "name": "openSUSE-SU-2013:0964",
"refsource" : "REDHAT", "refsource": "SUSE",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
}, },
{ {
"name" : "RHSA-2013:1455", "name": "RHSA-2013:0752",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
}, },
{ {
"name" : "RHSA-2013:1456", "name": "http://bugs.icu-project.org/trac/ticket/10107",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "url": "http://bugs.icu-project.org/trac/ticket/10107"
}, },
{ {
"name" : "SUSE-SU-2013:0814", "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "SUSE", "refsource": "CONFIRM",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
}, },
{ {
"name" : "openSUSE-SU-2013:0777", "name": "oval:org.mitre.oval:def:16549",
"refsource" : "SUSE", "refsource": "OVAL",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16549"
}, },
{ {
"name" : "SUSE-SU-2013:0835", "name": "USN-1806-1",
"refsource" : "SUSE", "refsource": "UBUNTU",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" "url": "http://www.ubuntu.com/usn/USN-1806-1"
}, },
{ {
"name" : "SUSE-SU-2013:0871", "name": "oval:org.mitre.oval:def:19341",
"refsource" : "SUSE", "refsource": "OVAL",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19341"
}, },
{ {
"name" : "SUSE-SU-2013:0934", "name": "59179",
"refsource" : "SUSE", "refsource": "BID",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html" "url": "http://www.securityfocus.com/bid/59179"
}, },
{ {
"name" : "openSUSE-SU-2013:0964", "name": "RHSA-2013:1456",
"refsource" : "SUSE", "refsource": "REDHAT",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
}, },
{ {
"name" : "USN-1806-1", "name": "SUSE-SU-2013:0814",
"refsource" : "UBUNTU", "refsource": "SUSE",
"url" : "http://www.ubuntu.com/usn/USN-1806-1" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
}, },
{ {
"name" : "TA13-107A", "name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource" : "CERT", "refsource": "CONFIRM",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
}, },
{ {
"name" : "59179", "name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/59179" "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16549", "name": "SUSE-SU-2013:0934",
"refsource" : "OVAL", "refsource": "SUSE",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16549" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:19341", "name": "HPSBUX02889",
"refsource" : "OVAL", "refsource": "HP",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19341" "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
}, },
{ {
"name" : "oval:org.mitre.oval:def:19549", "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "OVAL", "refsource": "CONFIRM",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19549" "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
} }
] ]
} }

92
2013/2xxx/CVE-2013-2586.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2586", "ID": "CVE-2013-2586",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method." "value": "XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20130926 XAMPP 1.8.1 Local Write Access Vulnerability", "name": "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html",
"refsource" : "BUGTRAQ", "refsource": "MISC",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0131.html" "url": "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html"
}, },
{ {
"name" : "28654", "name": "20130926 XAMPP 1.8.1 Local Write Access Vulnerability",
"refsource" : "EXPLOIT-DB", "refsource": "BUGTRAQ",
"url" : "http://www.exploit-db.com/exploits/28654" "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0131.html"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html", "name": "97780",
"refsource" : "MISC", "refsource": "OSVDB",
"url" : "http://packetstormsecurity.com/files/123407/XAMPP-1.8.1-Local-Write-Access.html" "url": "http://osvdb.org/97780"
}, },
{ {
"name" : "62665", "name": "28654",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/62665" "url": "http://www.exploit-db.com/exploits/28654"
}, },
{ {
"name" : "97780", "name": "62665",
"refsource" : "OSVDB", "refsource": "BID",
"url" : "http://osvdb.org/97780" "url": "http://www.securityfocus.com/bid/62665"
}, },
{ {
"name" : "xampp-cve20122586-lang-security-bypass(87499)", "name": "xampp-cve20122586-lang-security-bypass(87499)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87499" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87499"
} }
] ]
} }

22
2013/6xxx/CVE-2013-6137.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6137", "ID": "CVE-2013-6137",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2013/6xxx/CVE-2013-6769.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6769", "ID": "CVE-2013-6769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su." "value": "The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20131113 Android Superuser shell character escape vulnerability", "name": "20131113 Android Superuser shell character escape vulnerability",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/529797" "url": "http://www.securityfocus.com/archive/1/529797"
} }
] ]
} }

92
2013/6xxx/CVE-2013-6936.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6936", "ID": "CVE-2013-6936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter." "value": "Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability", "name": "100030",
"refsource" : "BUGTRAQ", "refsource": "OSVDB",
"url" : "http://seclists.org/bugtraq/2013/Nov/102" "url": "http://osvdb.org/100030"
}, },
{ {
"name" : "29797", "name": "29797",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/29797" "url": "http://www.exploit-db.com/exploits/29797"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html", "name": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html" "url": "http://packetstormsecurity.com/files/124091/MyBB-Ajaxfs-SQL-Injection.html"
}, },
{ {
"name" : "http://www.iedb.ir/exploits-889.html", "name": "http://www.iedb.ir/exploits-889.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.iedb.ir/exploits-889.html" "url": "http://www.iedb.ir/exploits-889.html"
}, },
{ {
"name" : "100030", "name": "mybb-ajaxfs-sql-injection(89084)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/100030" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084"
}, },
{ {
"name" : "mybb-ajaxfs-sql-injection(89084)", "name": "20131120 Mybb Ajaxfs Plugin Sql Injection vulnerability",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89084" "url": "http://seclists.org/bugtraq/2013/Nov/102"
} }
] ]
} }

98
2017/10xxx/CVE-2017-10046.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10046", "ID": "CVE-2017-10046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Primavera P6 Enterprise Project Portfolio Management", "product_name": "Primavera P6 Enterprise Project Portfolio Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.3" "version_value": "8.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.4" "version_value": "8.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "15.1" "version_value": "15.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "15.2" "version_value": "15.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "16.1" "version_value": "16.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "44141", "name": "1038946",
"refsource" : "EXPLOIT-DB", "refsource": "SECTRACK",
"url" : "https://www.exploit-db.com/exploits/44141/" "url": "http://www.securitytracker.com/id/1038946"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}, },
{ {
"name" : "99770", "name": "44141",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/99770" "url": "https://www.exploit-db.com/exploits/44141/"
}, },
{ {
"name" : "1038946", "name": "99770",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1038946" "url": "http://www.securityfocus.com/bid/99770"
} }
] ]
} }

22
2017/10xxx/CVE-2017-10544.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10544", "ID": "CVE-2017-10544",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2017/14xxx/CVE-2017-14107.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14107", "ID": "CVE-2017-14107",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive." "value": "The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/", "name": "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/" "url": "https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/"
}, },
{ {
"name" : "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5", "name": "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5" "url": "https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5"
} }
] ]
} }

176
2017/14xxx/CVE-2017-14493.json
View File

@ -1,156 +1,156 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14493", "ID": "CVE-2017-14493",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request." "value": "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "42943", "name": "1039474",
"refsource" : "EXPLOIT-DB", "refsource": "SECTRACK",
"url" : "https://www.exploit-db.com/exploits/42943/" "url": "http://www.securitytracker.com/id/1039474"
}, },
{ {
"name" : "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", "name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
}, },
{ {
"name" : "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", "name": "DSA-3989",
"refsource" : "MLIST", "refsource": "DEBIAN",
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" "url": "http://www.debian.org/security/2017/dsa-3989"
}, },
{ {
"name" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033"
}, },
{ {
"name" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG", "name": "https://access.redhat.com/security/vulnerabilities/3199382",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG" "url": "https://access.redhat.com/security/vulnerabilities/3199382"
}, },
{ {
"name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033", "name": "101085",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033" "url": "http://www.securityfocus.com/bid/101085"
}, },
{ {
"name" : "https://access.redhat.com/security/vulnerabilities/3199382", "name": "42943",
"refsource" : "CONFIRM", "refsource": "EXPLOIT-DB",
"url" : "https://access.redhat.com/security/vulnerabilities/3199382" "url": "https://www.exploit-db.com/exploits/42943/"
}, },
{ {
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "name": "USN-3430-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" "url": "http://www.ubuntu.com/usn/USN-3430-1"
}, },
{ {
"name" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", "name": "VU#973527",
"refsource" : "CONFIRM", "refsource": "CERT-VN",
"url" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" "url": "https://www.kb.cert.org/vuls/id/973527"
}, },
{ {
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", "name": "GLSA-201710-27",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" "url": "https://security.gentoo.org/glsa/201710-27"
}, },
{ {
"name" : "DSA-3989", "name": "USN-3430-2",
"refsource" : "DEBIAN", "refsource": "UBUNTU",
"url" : "http://www.debian.org/security/2017/dsa-3989" "url": "http://www.ubuntu.com/usn/USN-3430-2"
}, },
{ {
"name" : "GLSA-201710-27", "name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"refsource" : "GENTOO", "refsource": "MLIST",
"url" : "https://security.gentoo.org/glsa/201710-27" "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
}, },
{ {
"name" : "RHSA-2017:2836", "name": "RHSA-2017:2836",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2836" "url": "https://access.redhat.com/errata/RHSA-2017:2836"
}, },
{ {
"name" : "RHSA-2017:2837", "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2017:2837" "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}, },
{ {
"name" : "openSUSE-SU-2017:2633", "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
"refsource" : "SUSE", "refsource": "CONFIRM",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
}, },
{ {
"name" : "USN-3430-1", "name": "RHSA-2017:2837",
"refsource" : "UBUNTU", "refsource": "REDHAT",
"url" : "http://www.ubuntu.com/usn/USN-3430-1" "url": "https://access.redhat.com/errata/RHSA-2017:2837"
}, },
{ {
"name" : "USN-3430-2", "name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "http://www.ubuntu.com/usn/USN-3430-2" "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
}, },
{ {
"name" : "VU#973527", "name": "openSUSE-SU-2017:2633",
"refsource" : "CERT-VN", "refsource": "SUSE",
"url" : "https://www.kb.cert.org/vuls/id/973527" "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
}, },
{ {
"name" : "101085", "name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/101085" "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
}, },
{ {
"name" : "1039474", "name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource" : "SECTRACK", "refsource": "MLIST",
"url" : "http://www.securitytracker.com/id/1039474" "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
} }
] ]
} }

62
2017/14xxx/CVE-2017-14571.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14571", "ID": "CVE-2017-14571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an \"Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706.\"" "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an \"Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14571", "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14571",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14571" "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14571"
} }
] ]
} }

22
2017/14xxx/CVE-2017-14677.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-14677", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2017-14677",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }

22
2017/15xxx/CVE-2017-15004.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15004", "ID": "CVE-2017-15004",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

86
2017/15xxx/CVE-2017-15023.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15023", "ID": "CVE-2017-15023",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename." "value": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/", "name": "101611",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/" "url": "http://www.securityfocus.com/bid/101611"
}, },
{ {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22200", "name": "GLSA-201801-01",
"refsource" : "MISC", "refsource": "GENTOO",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22200" "url": "https://security.gentoo.org/glsa/201801-01"
}, },
{ {
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf", "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf" "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf"
}, },
{ {
"name" : "GLSA-201801-01", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22200",
"refsource" : "GENTOO", "refsource": "MISC",
"url" : "https://security.gentoo.org/glsa/201801-01" "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22200"
}, },
{ {
"name" : "101611", "name": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/101611" "url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/"
} }
] ]
} }

76
2017/15xxx/CVE-2017-15138.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-15138", "ID": "CVE-2017-15138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "atomic-openshift", "product_name": "atomic-openshift",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens." "value": "The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : [ "cvss": [
[ [
{ {
"vectorString" : "5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "vectorString": "5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version" : "3.0" "version": "3.0"
} }
] ]
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-200" "value": "CWE-200"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138"
}, },
{ {
"name" : "RHBA-2018:0489", "name": "RHBA-2018:0489",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2018:0489" "url": "https://access.redhat.com/errata/RHBA-2018:0489"
} }
] ]
} }

68
2017/15xxx/CVE-2017-15368.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15368", "ID": "CVE-2017-15368",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call." "value": "The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515", "name": "https://github.com/radare/radare2/issues/8673",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515" "url": "https://github.com/radare/radare2/issues/8673"
}, },
{ {
"name" : "https://github.com/radare/radare2/issues/8673", "name": "https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/radare/radare2/issues/8673" "url": "https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515"
} }
] ]
} }

62
2017/15xxx/CVE-2017-15766.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15766", "ID": "CVE-2017-15766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f0a0.\"" "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f0a0.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15766", "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15766",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15766" "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15766"
} }
] ]
} }

22
2017/15xxx/CVE-2017-15794.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15794", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2017-15794",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }

62
2017/9xxx/CVE-2017-9200.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9200", "ID": "CVE-2017-9200",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-tga.c:528:63." "value": "libautotrace.a in AutoTrace 0.31.1 has a \"cannot be represented in type int\" issue in input-tga.c:528:63."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
} }
] ]
} }

80
2017/9xxx/CVE-2017-9217.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9217", "ID": "CVE-2017-9217",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section." "value": "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be", "name": "https://github.com/systemd/systemd/pull/5998",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be" "url": "https://github.com/systemd/systemd/pull/5998"
}, },
{ {
"name" : "https://github.com/systemd/systemd/pull/5998", "name": "https://launchpad.net/bugs/1621396",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/systemd/systemd/pull/5998" "url": "https://launchpad.net/bugs/1621396"
}, },
{ {
"name" : "https://launchpad.net/bugs/1621396", "name": "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://launchpad.net/bugs/1621396" "url": "https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be"
}, },
{ {
"name" : "98677", "name": "98677",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/98677" "url": "http://www.securityfocus.com/bid/98677"
} }
] ]
} }

22
2017/9xxx/CVE-2017-9396.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9396", "ID": "CVE-2017-9396",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2017/9xxx/CVE-2017-9724.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2017-9724", "ID": "CVE-2017-9724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address." "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2017-09-01", "name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01" "url": "https://source.android.com/security/bulletin/2017-09-01"
}, },
{ {
"name" : "100658", "name": "100658",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/100658" "url": "http://www.securityfocus.com/bid/100658"
} }
] ]
} }

74
2018/0xxx/CVE-2018-0147.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0147", "ID": "CVE-2018-0147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Secure Access Control System", "product_name": "Cisco Secure Access Control System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Secure Access Control System" "version_value": "Cisco Secure Access Control System"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988." "value": "A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-20" "value": "CWE-20"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2", "name": "1040463",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2" "url": "http://www.securitytracker.com/id/1040463"
}, },
{ {
"name" : "103328", "name": "103328",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103328" "url": "http://www.securityfocus.com/bid/103328"
}, },
{ {
"name" : "1040463", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1040463" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2"
} }
] ]
} }

68
2018/0xxx/CVE-2018-0186.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0186", "ID": "CVE-2018-0186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XE", "product_name": "Cisco IOS XE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XE" "version_value": "Cisco IOS XE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022." "value": "Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-79" "value": "CWE-79"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss", "name": "103551",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss" "url": "http://www.securityfocus.com/bid/103551"
}, },
{ {
"name" : "103551", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/103551" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss"
} }
] ]
} }

88
2018/0xxx/CVE-2018-0435.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-05T16:00:00-0500", "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID" : "CVE-2018-0435", "ID": "CVE-2018-0435",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Umbrella API Unauthorized Access Vulnerability" "TITLE": "Cisco Umbrella API Unauthorized Access Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Umbrella ", "product_name": "Cisco Umbrella ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations." "value": "A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could exploit this vulnerability to view and potentially modify data for their organization or other organizations. A successful exploit could allow the attacker to read or modify data across multiple organizations."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : { "cvss": {
"baseScore" : "9.1", "baseScore": "9.1",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-287" "value": "CWE-287"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20180905 Cisco Umbrella API Unauthorized Access Vulnerability", "name": "105283",
"refsource" : "CISCO", "refsource": "BID",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api" "url": "http://www.securityfocus.com/bid/105283"
}, },
{ {
"name" : "105283", "name": "20180905 Cisco Umbrella API Unauthorized Access Vulnerability",
"refsource" : "BID", "refsource": "CISCO",
"url" : "http://www.securityfocus.com/bid/105283" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api"
} }
] ]
}, },
"source" : { "source": {
"advisory" : "cisco-sa-20180905-umbrella-api", "advisory": "cisco-sa-20180905-umbrella-api",
"defect" : [ "defect": [
[ [
"CSCvj37940", "CSCvj37940",
"CSCvj37954", "CSCvj37954",
@ -83,6 +83,6 @@
"CSCvj38122" "CSCvj38122"
] ]
], ],
"discovery" : "UNKNOWN" "discovery": "UNKNOWN"
} }
} }

74
2018/0xxx/CVE-2018-0563.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0563", "ID": "CVE-2018-0563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions", "product_name": "the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "" "version_value": ""
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION" "vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." "value": "Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Untrusted search path vulnerability" "value": "Untrusted search path vulnerability"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://flets.com/customer/next/sec/setup/esat_install.html", "name": "https://flets.com/customer/next/sec/setup/esat_install.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://flets.com/customer/next/sec/setup/esat_install.html" "url": "https://flets.com/customer/next/sec/setup/esat_install.html"
}, },
{ {
"name" : "https://flets.com/customer/tec/fvc/setup/esat_install.html", "name": "https://flets.com/customer/tec/fvc/setup/esat_install.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://flets.com/customer/tec/fvc/setup/esat_install.html" "url": "https://flets.com/customer/tec/fvc/setup/esat_install.html"
}, },
{ {
"name" : "JVN#20040004", "name": "JVN#20040004",
"refsource" : "JVN", "refsource": "JVN",
"url" : "http://jvn.jp/en/jp/JVN20040004/index.html" "url": "http://jvn.jp/en/jp/JVN20040004/index.html"
} }
] ]
} }

68
2018/1000xxx/CVE-2018-1000195.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.653459", "DATE_ASSIGNED": "2018-06-05T13:57:43.653459",
"DATE_REQUESTED" : "2018-05-09T00:00:00", "DATE_REQUESTED": "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000195", "ID": "CVE-2018-1000195",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.120 and older, LTS 2.107.2 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not." "value": "A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-441, CWE-918" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794", "name": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794" "url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-794"
} }
] ]
} }

68
2018/1000xxx/CVE-2018-1000816.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.456461", "DATE_ASSIGNED": "2018-11-27T13:54:33.456461",
"DATE_REQUESTED" : "2018-10-15T09:16:59", "DATE_REQUESTED": "2018-10-15T09:16:59",
"ID" : "CVE-2018-1000816", "ID": "CVE-2018-1000816",
"REQUESTER" : "lokalhorst@protonmail.com", "REQUESTER": "lokalhorst@protonmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Grafana", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "confirmed for 5.2.4 and 5.3.0 " "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Grafana" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.." "value": "Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross Site Scripting (XSS)" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/grafana/grafana/issues/13667", "name": "https://github.com/grafana/grafana/issues/13667",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/grafana/grafana/issues/13667" "url": "https://github.com/grafana/grafana/issues/13667"
} }
] ]
} }

22
2018/12xxx/CVE-2018-12497.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12497", "ID": "CVE-2018-12497",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

80
2018/12xxx/CVE-2018-12603.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12603", "ID": "CVE-2018-12603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114." "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "44919", "name": "https://packetstormsecurity.com/files/148268/LFCMS-3.7.0-Cross-Site-Request-Forgery.html",
"refsource" : "EXPLOIT-DB", "refsource": "MISC",
"url" : "https://www.exploit-db.com/exploits/44919/" "url": "https://packetstormsecurity.com/files/148268/LFCMS-3.7.0-Cross-Site-Request-Forgery.html"
}, },
{ {
"name" : "https://packetstormsecurity.com/files/148268/LFCMS-3.7.0-Cross-Site-Request-Forgery.html", "name": "44919",
"refsource" : "MISC", "refsource": "EXPLOIT-DB",
"url" : "https://packetstormsecurity.com/files/148268/LFCMS-3.7.0-Cross-Site-Request-Forgery.html" "url": "https://www.exploit-db.com/exploits/44919/"
}, },
{ {
"name" : "http://www.iwantacve.cn/index.php/archives/44/", "name": "https://www.cnblogs.com/v1vvwv/p/9203899.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.iwantacve.cn/index.php/archives/44/" "url": "https://www.cnblogs.com/v1vvwv/p/9203899.html"
}, },
{ {
"name" : "https://www.cnblogs.com/v1vvwv/p/9203899.html", "name": "http://www.iwantacve.cn/index.php/archives/44/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.cnblogs.com/v1vvwv/p/9203899.html" "url": "http://www.iwantacve.cn/index.php/archives/44/"
} }
] ]
} }

22
2018/12xxx/CVE-2018-12886.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12886", "ID": "CVE-2018-12886",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

88
2018/16xxx/CVE-2018-16078.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-16078", "ID": "CVE-2018-16078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "69.0.3497.81" "version_value": "69.0.3497.81"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." "value": "Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Insufficient policy enforcement" "value": "Insufficient policy enforcement"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://crbug.com/858820", "name": "105215",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://crbug.com/858820" "url": "http://www.securityfocus.com/bid/105215"
}, },
{ {
"name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", "name": "RHSA-2018:2666",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" "url": "https://access.redhat.com/errata/RHSA-2018:2666"
}, },
{ {
"name" : "GLSA-201811-10", "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html",
"refsource" : "GENTOO", "refsource": "CONFIRM",
"url" : "https://security.gentoo.org/glsa/201811-10" "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html"
}, },
{ {
"name" : "RHSA-2018:2666", "name": "GLSA-201811-10",
"refsource" : "REDHAT", "refsource": "GENTOO",
"url" : "https://access.redhat.com/errata/RHSA-2018:2666" "url": "https://security.gentoo.org/glsa/201811-10"
}, },
{ {
"name" : "105215", "name": "https://crbug.com/858820",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/105215" "url": "https://crbug.com/858820"
} }
] ]
} }

68
2018/16xxx/CVE-2018-16554.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16554", "ID": "CVE-2018-16554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling." "value": "The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176", "name": "https://nimo-zhang.github.io/2018/09/07/bug-analysis-1/#more",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176" "url": "https://nimo-zhang.github.io/2018/09/07/bug-analysis-1/#more"
}, },
{ {
"name" : "https://nimo-zhang.github.io/2018/09/07/bug-analysis-1/#more", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://nimo-zhang.github.io/2018/09/07/bug-analysis-1/#more" "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908176"
} }
] ]
} }

62
2018/16xxx/CVE-2018-16771.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16771", "ID": "CVE-2018-16771",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php." "value": "Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/havok89/Hoosk/issues/46", "name": "https://github.com/havok89/Hoosk/issues/46",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/havok89/Hoosk/issues/46" "url": "https://github.com/havok89/Hoosk/issues/46"
} }
] ]
} }

80
2018/16xxx/CVE-2018-16949.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16949", "ID": "CVE-2018-16949",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections." "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update", "name": "106375",
"refsource" : "MLIST", "refsource": "BID",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html" "url": "http://www.securityfocus.com/bid/106375"
}, },
{ {
"name" : "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt", "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt" "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
}, },
{ {
"name" : "DSA-4302", "name": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt",
"refsource" : "DEBIAN", "refsource": "CONFIRM",
"url" : "https://www.debian.org/security/2018/dsa-4302" "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
}, },
{ {
"name" : "106375", "name": "DSA-4302",
"refsource" : "BID", "refsource": "DEBIAN",
"url" : "http://www.securityfocus.com/bid/106375" "url": "https://www.debian.org/security/2018/dsa-4302"
} }
] ]
} }

22
2018/4xxx/CVE-2018-4103.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4103", "ID": "CVE-2018-4103",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2018/4xxx/CVE-2018-4253.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4253", "ID": "CVE-2018-4253",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"AMD\" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app." "value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"AMD\" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://support.apple.com/HT208849", "name": "1041027",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://support.apple.com/HT208849" "url": "http://www.securitytracker.com/id/1041027"
}, },
{ {
"name" : "1041027", "name": "https://support.apple.com/HT208849",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1041027" "url": "https://support.apple.com/HT208849"
} }
] ]
} }

22
2018/4xxx/CVE-2018-4502.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4502", "ID": "CVE-2018-4502",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

56
2019/5xxx/CVE-2019-5417.json
View File

@ -1,17 +1,59 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5417",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5417",
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "serve",
"version": {
"version_data": [
{
"version_value": "Fixed Version 7.1.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": {
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hackerone.com/reports/358645",
"url": "https://hackerone.com/reports/358645"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server."
} }
] ]
} }