"-Synchronized-Data."

CVE Team 2019-03-17 21:46:28 +00:00
parent 1d9dd93aba
commit c3c82d6631
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4214 additions and 4214 deletions


@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1854",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1854",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet."
"lang": "eng",
"value": "Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040324 Buffer overflow in PicoPhone 1.63",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108016032220647&w=2"
"name": "20040324 Buffer overflow in PicoPhone 1.63",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108016032220647&w=2"
},
{
"name" : "http://aluigi.altervista.org/adv/picobof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/picobof-adv.txt"
"name": "picophone-logging-function-bo(15595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15595"
},
{
"name" : "9969",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9969"
"name": "1009551",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009551"
},
{
"name" : "4550",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4550"
"name": "4550",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4550"
},
{
"name" : "1009551",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009551"
"name": "9969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9969"
},
{
"name" : "11209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11209"
"name": "http://aluigi.altervista.org/adv/picobof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/picobof-adv.txt"
},
{
"name" : "picophone-logging-function-bo(15595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15595"
"name": "11209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11209"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1994",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1994",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm."
"lang": "eng",
"value": "FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040505 Fuse Talk Vunerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108377423825478&w=2"
"name": "20040505 Fuse Talk Vunerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108377423825478&w=2"
},
{
"name" : "10278",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10278"
"name": "fusetalk-banning-unauth-access(16081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16081"
},
{
"name" : "5894",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5894"
"name": "11555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11555"
},
{
"name" : "11555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11555"
"name": "5894",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5894"
},
{
"name" : "fusetalk-banning-unauth-access(16081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16081"
"name": "10278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10278"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0168",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0168",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0401",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0401",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
"lang": "eng",
"value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
"name": "ADV-2008-0239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0239"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg24018010",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
"name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
},
{
"name" : "VU#158609",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/158609"
"name": "tivoli-provisioning-http-unspecified(39819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
},
{
"name" : "27387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27387"
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
},
{
"name" : "ADV-2008-0239",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0239"
"name": "28604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28604"
},
{
"name" : "1019249",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019249"
"name": "1019249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019249"
},
{
"name" : "28604",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28604"
"name": "VU#158609",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/158609"
},
{
"name" : "tivoli-provisioning-http-unspecified(39819)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
"name": "27387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27387"
}
]
}


@ -1,186 +1,186 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0420",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0420",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10."
"lang": "eng",
"value": "modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080216 [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488264/100/0/threaded"
"name": "USN-582-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-582-2"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html"
"name": "http://browser.netscape.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://browser.netscape.com/releasenotes/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408076",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408076"
"name": "20080216 [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488264/100/0/threaded"
},
{
"name" : "http://browser.netscape.com/releasenotes/",
"refsource" : "CONFIRM",
"url" : "http://browser.netscape.com/releasenotes/"
"name": "FEDORA-2008-2118",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
},
{
"name" : "FEDORA-2008-2060",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
"name": "FEDORA-2008-2060",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
},
{
"name" : "FEDORA-2008-2118",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
"name": "30620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30620"
},
{
"name" : "GLSA-200805-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
"name": "29049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29049"
},
{
"name" : "MDVSA-2008:048",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
"name": "firefox-bmp-information-disclosure(40491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40491"
},
{
"name" : "238492",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
"name": "USN-582-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-582-1"
},
{
"name" : "USN-576-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/576-1/"
"name": "29167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29167"
},
{
"name" : "USN-582-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-582-1"
"name": "30327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30327"
},
{
"name" : "USN-582-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-582-2"
"name": "238492",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name" : "27826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27826"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=408076",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=408076"
},
{
"name" : "oval:org.mitre.oval:def:10119",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119"
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-07.html"
},
{
"name" : "ADV-2008-0627",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0627/references"
"name": "ADV-2008-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name" : "ADV-2008-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1793/references"
"name": "27826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27826"
},
{
"name" : "1019434",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019434"
"name": "firefox-bmp-dos(40606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40606"
},
{
"name" : "28839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28839"
"name": "1019434",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019434"
},
{
"name" : "29049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29049"
"name": "oval:org.mitre.oval:def:10119",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10119"
},
{
"name" : "28758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28758"
"name": "ADV-2008-0627",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0627/references"
},
{
"name" : "29167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29167"
"name": "GLSA-200805-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name" : "29098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29098"
"name": "28758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28758"
},
{
"name" : "30327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30327"
"name": "MDVSA-2008:048",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
},
{
"name" : "30620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30620"
"name": "29098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29098"
},
{
"name" : "firefox-bmp-information-disclosure(40491)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40491"
"name": "28839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28839"
},
{
"name" : "firefox-bmp-dos(40606)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40606"
"name": "USN-576-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/576-1/"
}
]
}
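Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2008-0420 changes from `cve@mitre.org` to `secalert@redhat.com`, which appears to be the only semantic change in a section that is otherwise whitespace normalisation (`" : "` to `": "`) and reordering of `reference_data` entries. The old and new sides are inferred from the spacing style, because the rendered page has lost its `+`/`-` markers. A change of record ownership deserves its own line in the commit description, for example `CVE-2008-0420: ASSIGNER updated to secalert@redhat.com`, so that it is not buried in formatting churn across 61 files. Consumers that rely on `ASSIGNER` for provenance should compare this record with whitespace ignored and array order normalised to confirm nothing else changed.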


@ -1,191 +1,191 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3145",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3145",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read."
"lang": "eng",
"value": "The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080729 rPSA-2008-0237-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494859/100/0/threaded"
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343"
"name": "http://www.wireshark.org/security/wnpa-sec-2008-04.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2008-04.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-04.html"
"name": "30181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30181"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470"
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=454984",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=454984"
"name": "20080729 rPSA-2008-0237-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494859/100/0/threaded"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237"
"name": "FEDORA-2008-6440",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2684",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2684"
"name": "RHSA-2008:0890",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm"
"name": "oval:org.mitre.oval:def:9020",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020"
},
{
"name" : "DSA-1673",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1673"
"name": "https://issues.rpath.com/browse/RPL-2684",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2684"
},
{
"name" : "FEDORA-2008-6440",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name" : "GLSA-200808-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml"
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237"
},
{
"name" : "MDVSA-2008:152",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:152"
"name": "ADV-2008-2057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2057/references"
},
{
"name" : "RHSA-2008:0890",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html"
"name": "GLSA-200808-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-04.xml"
},
{
"name" : "SUSE-SR:2008:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name": "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343"
},
{
"name" : "30181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30181"
"name": "wireshark-packets-dos(43719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43719"
},
{
"name" : "oval:org.mitre.oval:def:9020",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm"
},
{
"name" : "ADV-2008-2057",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2057/references"
"name": "MDVSA-2008:152",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:152"
},
{
"name" : "ADV-2008-2773",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2773"
"name": "32091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32091"
},
{
"name" : "1020471",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020471"
"name": "31044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31044"
},
{
"name" : "31044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31044"
"name": "ADV-2008-2773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2773"
},
{
"name" : "31085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31085"
"name": "32944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32944"
},
{
"name" : "31257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31257"
"name": "31257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31257"
},
{
"name" : "31378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31378"
"name": "31378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31378"
},
{
"name" : "31687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31687"
"name": "DSA-1673",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1673"
},
{
"name" : "32091",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32091"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=454984",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=454984"
},
{
"name" : "32944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32944"
"name": "31085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31085"
},
{
"name" : "wireshark-packets-dos(43719)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43719"
"name": "1020471",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020471"
}
]
}


@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3491",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3491",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action."
"lang": "eng",
"value": "SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6185",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6185"
"name": "47333",
"refsource": "OSVDB",
"url": "http://osvdb.org/47333"
},
{
"name" : "6186",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6186"
"name": "6185",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6185"
},
{
"name" : "30504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30504"
"name": "6186",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6186"
},
{
"name" : "30505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30505"
"name": "31344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31344"
},
{
"name" : "47333",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/47333"
"name": "4117",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4117"
},
{
"name" : "31344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31344"
"name": "30505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30505"
},
{
"name" : "31345",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31345"
"name": "itgp-go-sql-injection(44175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44175"
},
{
"name" : "4117",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4117"
"name": "ipost-go-sql-injection(44176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44176"
},
{
"name" : "ipost-go-sql-injection(44176)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44176"
"name": "31345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31345"
},
{
"name" : "itgp-go-sql-injection(44175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44175"
"name": "30504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30504"
}
]
}


@ -1,141 +1,141 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3636",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3636",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\\\.\\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself."
"lang": "eng",
"value": "Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\\\.\\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081007 [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497131/100/0/threaded"
"name": "1020999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020999"
},
{
"name" : "http://www.wintercore.com/advisories/advisory_W021008.html",
"refsource" : "MISC",
"url" : "http://www.wintercore.com/advisories/advisory_W021008.html"
"name": "APPLE-SA-2009-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html"
},
{
"name" : "http://support.apple.com/kb/HT3025",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3025"
"name": "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2008.10.07a.html"
"name": "ADV-2008-2770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2770"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html"
"name": "ADV-2008-2526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2526"
},
{
"name" : "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf"
"name": "1020998",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020998"
},
{
"name" : "APPLE-SA-2009-09-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html"
"name": "1020839",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020839"
},
{
"name" : "VU#146896",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/146896"
"name": "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf",
"refsource": "CONFIRM",
"url": "http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf"
},
{
"name" : "31089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31089"
"name": "http://support.apple.com/kb/HT3025",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3025"
},
{
"name" : "oval:org.mitre.oval:def:6035",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6035"
"name": "1020997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020997"
},
{
"name" : "1020997",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020997"
"name": "ADV-2008-2769",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2769"
},
{
"name" : "1020998",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020998"
"name": "VU#146896",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/146896"
},
{
"name" : "1020999",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020999"
"name": "http://www.wintercore.com/advisories/advisory_W021008.html",
"refsource": "MISC",
"url": "http://www.wintercore.com/advisories/advisory_W021008.html"
},
{
"name" : "ADV-2008-2769",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2769"
"name": "oval:org.mitre.oval:def:6035",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6035"
},
{
"name" : "ADV-2008-2526",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2526"
"name": "31089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31089"
},
{
"name" : "1020839",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020839"
"name": "20081007 [W02-1008] GearSoftware Powered Products Local Privilege Escalation (Microsoft Windows Kernel IopfCompleteRequest Integer Overflow)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497131/100/0/threaded"
},
{
"name" : "ADV-2008-2770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2770"
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3705",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3705",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a \"very crowded echoServer\" attack. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a \"very crowded echoServer\" attack. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100"
"name": "30722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30722"
},
{
"name" : "30722",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30722"
"name": "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=620019&group_id=133100"
},
{
"name" : "31526",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31526"
"name": "echovnc-clogger-bo(44501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44501"
},
{
"name" : "echovnc-clogger-bo(44501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44501"
"name": "31526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31526"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3707",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3707",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation."
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt"
"name": "cyboardsphplite-scriptpath-file-include(44474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44474"
},
{
"name" : "20080819 CyBoards PHP uncertainties (RFI/path traversal)",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2008-August/002052.html"
"name": "30688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30688"
},
{
"name" : "30688",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30688"
"name": "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt"
},
{
"name" : "cyboardsphplite-scriptpath-file-include(44474)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44474"
"name": "20080819 CyBoards PHP uncertainties (RFI/path traversal)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-August/002052.html"
}
]
}


@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3961",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3961",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/advisories/apsa08-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa08-07.html"
"name": "http://www.adobe.com/support/security/advisories/apsa08-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa08-07.html"
},
{
"name" : "31208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31208"
"name": "1020892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020892"
},
{
"name" : "ADV-2008-2600",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2600"
"name": "adobe-illustrator-ai-code-execution(45180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45180"
},
{
"name" : "1020892",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020892"
"name": "31902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31902"
},
{
"name" : "31902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31902"
"name": "ADV-2008-2600",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2600"
},
{
"name" : "adobe-illustrator-ai-code-execution(45180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45180"
"name": "31208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31208"
}
]
}


@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4421",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4421",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) in the URL."
"lang": "eng",
"value": "Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a \"..\\\" (dot dot backslash) in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081003 MetaGauge 1.0.0.17 Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497039/100/0/threaded"
"name": "metagauge-http-directory-traversal(45697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45697"
},
{
"name" : "6686",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6686"
"name": "20081003 MetaGauge 1.0.0.17 Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497039/100/0/threaded"
},
{
"name" : "31596",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31596"
"name": "ADV-2008-2747",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2747"
},
{
"name" : "ADV-2008-2747",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2747"
"name": "32094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32094"
},
{
"name" : "32094",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32094"
"name": "4360",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4360"
},
{
"name" : "4360",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4360"
"name": "6686",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6686"
},
{
"name" : "metagauge-http-directory-traversal(45697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45697"
"name": "31596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31596"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4430",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-4430",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3699. Reason: This candidate is a duplicate of CVE-2008-3699. Notes: All CVE users should reference CVE-2008-3699 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3699. Reason: This candidate is a duplicate of CVE-2008-3699. Notes: All CVE users should reference CVE-2008-3699 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4642",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4642",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action."
"lang": "eng",
"value": "SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6758",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6758"
"name": "4449",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4449"
},
{
"name" : "31771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31771"
"name": "astrospaces-profile-sql-injection(45915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45915"
},
{
"name" : "32290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32290"
"name": "6758",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6758"
},
{
"name" : "4449",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4449"
"name": "32290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32290"
},
{
"name" : "astrospaces-profile-sql-injection(45915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45915"
"name": "31771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31771"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4675",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4675",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6611",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6611"
"name": "4465",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4465"
},
{
"name" : "31451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31451"
"name": "6611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6611"
},
{
"name" : "4465",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4465"
"name": "phpcounter-index-sql-injection(45493)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45493"
},
{
"name" : "phpcounter-index-sql-injection(45493)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45493"
"name": "31451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31451"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4752",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4752",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin."
"lang": "eng",
"value": "TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6836",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6836"
"name": "4511",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4511"
},
{
"name" : "31919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31919"
"name": "31919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31919"
},
{
"name" : "32405",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32405"
"name": "tlnews-tlnewslogin-authentication-bypass(46116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46116"
},
{
"name" : "4511",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4511"
"name": "32405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32405"
},
{
"name" : "tlnews-tlnewslogin-authentication-bypass(46116)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46116"
"name": "6836",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6836"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4783",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4783",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to \"admin.\""
"lang": "eng",
"value": "tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to \"admin.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6848",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6848"
"name": "6848",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6848"
},
{
"name" : "31939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31939"
"name": "4529",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4529"
},
{
"name" : "32427",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32427"
"name": "31939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31939"
},
{
"name" : "4529",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4529"
"name": "32427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32427"
}
]
}


@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6703",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6703",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function."
"lang": "eng",
"value": "Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080628 Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493765"
"name": "http://aluigi.altervista.org/adv/stalker39x-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/stalker39x-adv.txt"
},
{
"name" : "http://aluigi.altervista.org/adv/stalker39x-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/stalker39x-adv.txt"
"name": "20080628 Multiple vulnerabilities in S.T.A.L.K.E.R. 1.0006",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493765"
},
{
"name" : "29997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29997"
"name": "stalker-multipacketreceiver-bo(43454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43454"
},
{
"name" : "46626",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/46626"
"name": "29997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29997"
},
{
"name" : "30891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30891"
"name": "46626",
"refsource": "OSVDB",
"url": "http://osvdb.org/46626"
},
{
"name" : "stalker-multipacketreceiver-bo(43454)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43454"
"name": "30891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30891"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7260",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7260",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2055",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2055",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup."
"lang": "eng",
"value": "Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140206 [CVE-2013-2055] Apache Wicket information disclosure vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Feb/38"
"name": "20140206 [CVE-2013-2055] Apache Wicket information disclosure vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Feb/38"
},
{
"name" : "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html",
"refsource" : "CONFIRM",
"url" : "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html"
"name": "https://wicket.apache.org/2014/02/06/cve-2013-2055.html",
"refsource": "CONFIRM",
"url": "https://wicket.apache.org/2014/02/06/cve-2013-2055.html"
},
{
"name" : "https://wicket.apache.org/2014/02/06/cve-2013-2055.html",
"refsource" : "CONFIRM",
"url" : "https://wicket.apache.org/2014/02/06/cve-2013-2055.html"
"name": "102955",
"refsource": "OSVDB",
"url": "http://osvdb.org/102955"
},
{
"name" : "65431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65431"
"name": "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html",
"refsource": "CONFIRM",
"url": "https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html"
},
{
"name" : "102955",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102955"
"name": "65431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65431"
}
]
}
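Review bot: The `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` in `CVE_data_meta` is a change of attribution that is easy to miss, because the rest of this section only rewrites `" : "` as `": "` and reorders the `reference_data` entries without adding or removing any. The old and new sides are inferred from the spacing style, since the page no longer shows +/- markers. The sections for CVE-2013-2345, CVE-2013-2363, CVE-2013-2906, CVE-2013-6003 and CVE-2013-7440 show the same pattern with other assigner addresses. Landing the formatting normalisation separately, and emitting `reference_data` in a stable order, would leave the attribution changes as the only visible lines.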


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2345",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2345",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869."
"lang": "eng",
"value": "Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBMU02895",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
"name": "SSRT101218",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "SSRT101218",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
"name": "HPSBMU02895",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "SSRT101253",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
"name": "SSRT101253",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2363",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2363",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356."
"lang": "eng",
"value": "HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBMU02900",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
"name": "SSRT101150",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SSRT101150",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
}
]
}


@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2906",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2906",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp."
"lang": "eng",
"value": "Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
"name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=223962",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=223962"
"name": "https://code.google.com/p/chromium/issues/detail?id=284785",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=284785"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=270758",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=270758"
"name": "https://src.chromium.org/viewvc/blink?revision=157259&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=157259&view=revision"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=271161",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=271161"
"name": "openSUSE-SU-2014:0065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=284785",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=284785"
"name": "DSA-2785",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2785"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=284786",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=284786"
"name": "openSUSE-SU-2013:1556",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=157243&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=157243&view=revision"
"name": "oval:org.mitre.oval:def:19013",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=157245&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=157245&view=revision"
"name": "https://code.google.com/p/chromium/issues/detail?id=271161",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=271161"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=157256&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=157256&view=revision"
"name": "https://src.chromium.org/viewvc/blink?revision=157256&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=157256&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=157259&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=157259&view=revision"
"name": "https://src.chromium.org/viewvc/blink?revision=157245&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=157245&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=157273&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=157273&view=revision"
"name": "https://code.google.com/p/chromium/issues/detail?id=270758",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=270758"
},
{
"name" : "DSA-2785",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2785"
"name": "https://code.google.com/p/chromium/issues/detail?id=284786",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=284786"
},
{
"name" : "openSUSE-SU-2013:1556",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
"name": "https://code.google.com/p/chromium/issues/detail?id=223962",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=223962"
},
{
"name" : "openSUSE-SU-2013:1861",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:0065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name": "https://src.chromium.org/viewvc/blink?revision=157243&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=157243&view=revision"
},
{
"name" : "oval:org.mitre.oval:def:19013",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19013"
"name": "https://src.chromium.org/viewvc/blink?revision=157273&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=157273&view=revision"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6003",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6003",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors."
"lang": "eng",
"value": "CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource" : "MISC",
"url" : "http://cs.cybozu.co.jp/information/20131202up01.php"
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name" : "https://support.cybozu.com/ja-jp/article/6121",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/6121"
"name": "JVNDB-2013-000116",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
},
{
"name" : "JVN#84221103",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN84221103/index.html"
"name": "https://support.cybozu.com/ja-jp/article/6121",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6121"
},
{
"name" : "JVNDB-2013-000116",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
"name": "JVN#84221103",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN84221103/index.html"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6060",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6060",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6366",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6366",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call."
"lang": "eng",
"value": "The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "28962",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/28962/"
"name": "28962",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/28962/"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6524",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6524",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
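Review bot: The new side of this record moves `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and puts `ID` before `ASSIGNER`, whereas the other records visible in this commit keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in that order. JSON key order carries no meaning, so parsers are unaffected, but the inconsistency adds diff noise and defeats any byte-level comparison or hash of the record. Keeping the layout used elsewhere (`"CVE_data_meta": {` first, then `"ASSIGNER"`, `"ID"`, `"STATE"`) would reduce this section to the spacing change. The old and new sides are inferred from the spacing style, since the page no longer shows +/- markers.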


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6814",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6814",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors."
"lang": "eng",
"value": "The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/"
"name": "https://service.sap.com/sap/support/notes/1854826",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1854826"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
"name": "55778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55778"
},
{
"name" : "https://service.sap.com/sap/support/notes/1854826",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1854826"
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "55778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55778"
"name": "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect/"
}
]
}


@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7440",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-7440",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate."
"lang": "eng",
"value": "The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q2/483"
"name": "[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q2/483"
},
{
"name" : "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q2/523"
"name": "RHSA-2016:1166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1166"
},
{
"name" : "https://bugs.python.org/issue17997",
"refsource" : "CONFIRM",
"url" : "https://bugs.python.org/issue17997"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1224999",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1224999"
"name": "https://hg.python.org/cpython/rev/10d0edadbcdd",
"refsource": "CONFIRM",
"url": "https://hg.python.org/cpython/rev/10d0edadbcdd"
},
{
"name" : "https://hg.python.org/cpython/rev/10d0edadbcdd",
"refsource" : "CONFIRM",
"url" : "https://hg.python.org/cpython/rev/10d0edadbcdd"
"name": "https://bugs.python.org/issue17997",
"refsource": "CONFIRM",
"url": "https://bugs.python.org/issue17997"
},
{
"name" : "RHSA-2016:1166",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1166"
"name": "74707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74707"
},
{
"name" : "74707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74707"
"name": "[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q2/523"
}
]
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10207",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10207",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Hospitality Simphony",
"version" : {
"version_data" : [
"product_name": "Hospitality Simphony",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "2.9"
"version_affected": "=",
"version_value": "2.9"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name" : "99718",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99718"
"name": "99718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99718"
},
{
"name" : "1038941",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038941"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10709",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10709",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess."
"lang": "eng",
"value": "The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/",
"refsource" : "MISC",
"url" : "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/"
"name": "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/",
"refsource": "MISC",
"url": "https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/"
},
{
"name" : "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen",
"refsource" : "MISC",
"url" : "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen"
"name": "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen",
"refsource": "MISC",
"url": "https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen"
},
{
"name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707"
"name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0"
},
{
"name" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0"
"name": "https://www.youtube.com/watch?v=dwyzonP2eZw",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=dwyzonP2eZw"
},
{
"name" : "https://www.youtube.com/watch?v=dwyzonP2eZw",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=dwyzonP2eZw"
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14055",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14055",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large \"nb_frames\" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop."
"lang": "eng",
"value": "In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large \"nb_frames\" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html"
"name": "100626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100626"
},
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e",
"refsource" : "CONFIRM",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e"
"name": "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e"
},
{
"name" : "DSA-3996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3996"
"name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html"
},
{
"name" : "100626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100626"
"name": "DSA-3996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3996"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2017-14092",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2017-14092",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain."
"lang": "eng",
"value": "The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities"
"name": "https://success.trendmicro.com/solution/1118486",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118486"
},
{
"name" : "https://success.trendmicro.com/solution/1118486",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1118486"
"name": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14158",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14158",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore."
"lang": "eng",
"value": "Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://blog.csdn.net/wangtua/article/details/75228728",
"refsource" : "MISC",
"url" : "http://blog.csdn.net/wangtua/article/details/75228728"
"name": "https://github.com/scrapy/scrapy/issues/482",
"refsource": "MISC",
"url": "https://github.com/scrapy/scrapy/issues/482"
},
{
"name" : "https://github.com/scrapy/scrapy/issues/482",
"refsource" : "MISC",
"url" : "https://github.com/scrapy/scrapy/issues/482"
"name": "http://blog.csdn.net/wangtua/article/details/75228728",
"refsource": "MISC",
"url": "http://blog.csdn.net/wangtua/article/details/75228728"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-14387",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-14387",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4",
"version" : {
"version_data" : [
"product_name": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4",
"version": {
"version_data": [
{
"version_value" : "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4"
"version_value": "EMC Isilon OneFS EMC Isilon OneFS 8.1.0.0, EMC Isilon OneFS 8.0.1.0 -- 8.0.1.1, EMC Isilon OneFS 8.0.0.0 8.0.0.4"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\""
"lang": "eng",
"value": "The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an \"NFS Export Security Setting Fallback Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "NFS Export Security Setting Fallback Vulnerability"
"lang": "eng",
"value": "NFS Export Security Setting Fallback Vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://seclists.org/fulldisclosure/2017/Dec/78",
"refsource" : "CONFIRM",
"url" : "http://seclists.org/fulldisclosure/2017/Dec/78"
"name": "http://seclists.org/fulldisclosure/2017/Dec/78",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Dec/78"
},
{
"name" : "102292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102292"
"name": "102292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102292"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14488",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14488",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14731",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14731",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call."
"lang": "eng",
"value": "ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20171126 [SECURITY] [DLA 1192-1] libofx security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
"name": "[debian-lts-announce] 20171126 [SECURITY] [DLA 1192-1] libofx security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
},
{
"name" : "https://github.com/libofx/libofx/issues/10",
"refsource" : "MISC",
"url" : "https://github.com/libofx/libofx/issues/10"
"name": "https://github.com/libofx/libofx/issues/10",
"refsource": "MISC",
"url": "https://github.com/libofx/libofx/issues/10"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15181",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15181",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15252",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15252",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb.\""
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15252"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15552",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15552",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15884",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15884",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges."
"lang": "eng",
"value": "In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43222",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43222/"
"name": "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html",
"refsource": "MISC",
"url": "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html"
},
{
"name" : "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html",
"refsource" : "MISC",
"url" : "https://m4.rkw.io/blog/cve201715884-local-root-privesc-in-hashicorp-vagrantvmwarefusion-500.html"
"name": "43222",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43222/"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9106",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9106",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9745",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9745",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution."
"lang": "eng",
"value": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21579",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21579"
"name": "99109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99109"
},
{
"name" : "99109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99109"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21579",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21579"
}
]
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-01-09T00:00:00",
"ID" : "CVE-2017-9795",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-9795",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache Geode",
"version" : {
"version_data" : [
"product_name": "Apache Geode",
"version": {
"version_data": [
{
"version_value" : "1.0.0 to 1.2.1"
"version_value": "1.0.0 to 1.2.1"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution."
"lang": "eng",
"value": "When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Improper Access Control"
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[user] 20180109 [SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E"
"name": "[user] 20180109 [SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E"
},
{
"name" : "102488",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102488"
"name": "102488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102488"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9915",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9915",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a \"Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.\""
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a \"Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9915"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9922",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9922",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.\""
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9922"
}
]
}


@ -1,201 +1,201 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0062",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Denial of Service in J-Web"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0062",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Denial of Service in J-Web"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D77"
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
},
{
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
"affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D60"
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D60"
},
{
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R7"
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R7"
},
{
"affected" : "=",
"version_name" : "15.1F6",
"version_value" : "15.1F6"
"affected": "=",
"version_name": "15.1F6",
"version_value": "15.1F6"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D120"
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D120"
},
{
"affected" : "<",
"platform" : "EX2300/EX3400 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
"affected": "<",
"platform": "EX2300/EX3400 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D59"
},
{
"affected" : "<",
"platform" : "QFX10K Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D67"
"affected": "<",
"platform": "QFX10K Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D67"
},
{
"affected" : "<",
"platform" : "QFX5200/QFX5110 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D234"
"affected": "<",
"platform": "QFX5200/QFX5110 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D234"
},
{
"affected" : "<",
"platform" : "NFX Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D470, 15.1X53-D495"
"affected": "<",
"platform": "NFX Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D470, 15.1X53-D495"
},
{
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R6"
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R6"
},
{
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S6, 16.2R3"
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S6, 16.2R3"
},
{
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R2-S6, 17.1R3"
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S6, 17.1R3"
},
{
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R3"
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R3"
},
{
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R2"
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration" : [
"configuration": [
{
"lang" : "eng",
"value" : "The examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https"
"lang": "eng",
"value": "The examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https"
}
],
"credit" : [
"credit": [
{
"lang" : "eng",
"value" : "Alex Chash from SecureCom Limited (https://www.securecom.co.nz)\n"
"lang": "eng",
"value": "Alex Chash from SecureCom Limited (https://www.securecom.co.nz)\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue."
"lang": "eng",
"value": "A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D60 on SRX Series; 15.1 versions prior to 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D120 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D470, 15.1X53-D495 on NFX Series; 16.1 versions prior to 16.1R6; 16.2 versions prior to 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R2. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit" : [
"exploit": [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service"
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/JSA10897",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10897"
"name": "1041860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041860"
},
{
"name" : "1041860",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041860"
"name": "https://kb.juniper.net/JSA10897",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10897"
}
]
},
"solution" : [
"solution": [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10,12.3X48-D60, 15.1R7, 15.1X49-D120, 15.1X53-D234, 15.1X53-D470, 15.1X53-D495, 15.1X53-D59, 15.1X53-D67, 16.1R6, 16.2R2-S6, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R3, 17.3R2, 17.4R1 and all subsequent releases.\n\n\n\n\n"
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D77, 12.3R12-S10,12.3X48-D60, 15.1R7, 15.1X49-D120, 15.1X53-D234, 15.1X53-D470, 15.1X53-D495, 15.1X53-D59, 15.1X53-D67, 16.1R6, 16.2R2-S6, 16.2R3, 17.1R2-S6, 17.1R3, 17.2R3, 17.3R2, 17.4R1 and all subsequent releases.\n\n\n\n\n"
}
],
"source" : {
"advisory" : "JSA10897",
"defect" : [
"source": {
"advisory": "JSA10897",
"defect": [
"1264695"
],
"discovery" : "EXTERNAL"
"discovery": "EXTERNAL"
},
"work_around" : [
"work_around": [
{
"lang" : "eng",
"value" : "Limit access to J-Web from only trusted hosts, networks and administrators.\n"
"lang": "eng",
"value": "Limit access to J-Web from only trusted hosts, networks and administrators.\n"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0114",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0114",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Node-jose Library",
"version" : {
"version_data" : [
"product_name": "Node-jose Library",
"version": {
"version_data": [
{
"version_value" : "Node-jose Library"
"version_value": "Node-jose Library"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header."
"lang": "eng",
"value": "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-347"
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44324",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44324/"
"name": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326"
},
{
"name" : "https://github.com/zi0Black/POC-CVE-2018-0114",
"refsource" : "MISC",
"url" : "https://github.com/zi0Black/POC-CVE-2018-0114"
"name": "https://github.com/zi0Black/POC-CVE-2018-0114",
"refsource": "MISC",
"url": "https://github.com/zi0Black/POC-CVE-2018-0114"
},
{
"name" : "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md"
"name": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md"
},
{
"name" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326"
"name": "44324",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44324/"
},
{
"name" : "102445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102445"
"name": "102445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102445"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0162",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0162",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0183",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0183",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco IOS XE",
"version" : {
"version_data" : [
"product_name": "Cisco IOS XE",
"version": {
"version_data": [
{
"version_value" : "Cisco IOS XE"
"version_value": "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356."
"lang": "eng",
"value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-264"
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3"
},
{
"name" : "103555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103555"
"name": "103555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103555"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0579",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0579",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Open Graph for Facebook, Google+ and Twitter Card Tags",
"version" : {
"version_data" : [
"product_name": "Open Graph for Facebook, Google+ and Twitter Card Tags",
"version": {
"version_data": [
{
"version_value" : "prior to version 2.2.4.1"
"version_value": "prior to version 2.2.4.1"
}
]
}
}
]
},
"vendor_name" : "Webdados"
"vendor_name": "Webdados"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting"
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers"
"name": "JVN#08386386",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN08386386/index.html"
},
{
"name" : "JVN#08386386",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN08386386/index.html"
"name": "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers"
}
]
}


@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.464913",
"DATE_REQUESTED" : "2018-10-28T03:59:08",
"ID" : "CVE-2018-1000828",
"REQUESTER" : "sajeeb@0dd.zone",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.464913",
"DATE_REQUESTED": "2018-10-28T03:59:08",
"ID": "CVE-2018-1000828",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "FrostWire",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "<= frostwire-desktop-6.7.4-build-272"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "FrostWire"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software."
"lang": "eng",
"value": "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/",
"refsource" : "MISC",
"url" : "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"
"name": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"
},
{
"name" : "https://github.com/frostwire/frostwire/issues/829",
"refsource" : "MISC",
"url" : "https://github.com/frostwire/frostwire/issues/829"
"name": "https://github.com/frostwire/frostwire/issues/829",
"refsource": "MISC",
"url": "https://github.com/frostwire/frostwire/issues/829"
}
]
}
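Review bot: Structured affected-product data and the weakness class are lost in this record: the new side sets `"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and the `problemtype` value to `"n/a"`, so FrostWire, the `<= frostwire-desktop-6.7.4-build-272` range and the XXE classification survive only in the free-text description. Tooling that matches inventory against the vendor/product/version fields, or triages by weakness class, will no longer match this entry; I would keep the previous values, e.g. `"product_name": "FrostWire"` and `"value": "XML External Entity (XXE)"`. The same loss appears in the next section, CVE-2018-1000863, where Jenkins, `2.153 and earlier, LTS 2.138.3 and earlier` and `CWE-20` become `n/a`. Both records also change `ASSIGNER` from `kurt@seifried.org` to `cve@mitre.org`; it is worth confirming that this provenance change is intended and not a side effect of the sync. This reading assumes the tight-colon lines are the new side, as they are in the sections that change spacing only.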


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-09T22:34:33.130546",
"ID" : "CVE-2018-1000863",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-09T22:34:33.130546",
"ID": "CVE-2018-1000863",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "2.153 and earlier, LTS 2.138.3 and earlier"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins."
"lang": "eng",
"value": "A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-20"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.tenable.com/security/research/tra-2018-43",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-43"
"name": "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072"
},
{
"name" : "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072"
"name": "RHBA-2019:0024",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0024"
},
{
"name" : "RHBA-2019:0024",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2019:0024"
"name": "106176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106176"
},
{
"name" : "106176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106176"
"name": "https://www.tenable.com/security/research/tra-2018-43",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-43"
}
]
}


@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12910",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12910",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname."
"lang": "eng",
"value": "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1416-1] libsoup2.4 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html"
"name": "FEDORA-2018-fb2afee474",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/"
},
{
"name" : "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047",
"refsource" : "CONFIRM",
"url" : "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047"
"name": "https://gitlab.gnome.org/GNOME/libsoup/issues/3",
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/libsoup/issues/3"
},
{
"name" : "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f",
"refsource" : "CONFIRM",
"url" : "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name" : "https://gitlab.gnome.org/GNOME/libsoup/issues/3",
"refsource" : "CONFIRM",
"url" : "https://gitlab.gnome.org/GNOME/libsoup/issues/3"
"name": "DSA-4241",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4241"
},
{
"name" : "DSA-4241",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4241"
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1416-1] libsoup2.4 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html"
},
{
"name" : "FEDORA-2018-fb2afee474",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/"
"name": "USN-3701-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3701-1/"
},
{
"name" : "RHSA-2018:3140",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3140"
"name": "RHSA-2018:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name" : "RHSA-2018:3505",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3505"
"name": "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047",
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047"
},
{
"name" : "USN-3701-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3701-1/"
"name": "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f",
"refsource": "CONFIRM",
"url": "https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16259",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16259",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16342",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16342",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ShowDoc v1.8.0 has XSS via a new page."
"lang": "eng",
"value": "ShowDoc v1.8.0 has XSS via a new page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/star7th/showdoc/issues/325",
"refsource" : "MISC",
"url" : "https://github.com/star7th/showdoc/issues/325"
"name": "https://github.com/star7th/showdoc/issues/325",
"refsource": "MISC",
"url": "https://github.com/star7th/showdoc/issues/325"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16700",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16700",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19965",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19965",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation."
"lang": "eng",
"value": "An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://xenbits.xen.org/xsa/advisory-279.html",
"refsource" : "MISC",
"url" : "https://xenbits.xen.org/xsa/advisory-279.html"
"name": "https://support.citrix.com/article/CTX239432",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX239432"
},
{
"name" : "https://support.citrix.com/article/CTX239432",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX239432"
"name": "https://xenbits.xen.org/xsa/advisory-279.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-279.html"
},
{
"name" : "DSA-4369",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4369"
"name": "DSA-4369",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4369"
},
{
"name" : "106182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106182"
"name": "106182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106182"
}
]
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4138",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4138",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT208692",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208692"
"name": "https://support.apple.com/HT208692",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208692"
},
{
"name" : "103582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103582"
"name": "103582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103582"
},
{
"name" : "1040608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040608"
"name": "1040608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040608"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4297",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4297",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4701",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4701",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}