admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:55:31 +00:00
parent 4165006b3a
commit c7f81bfaac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3334 additions and 3334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2001/0xxx/CVE-2001-0576.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0576",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0576",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter."
"lang": "eng",
"value": "lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20010327 SCO 5.0.6 issues (lpusers) ",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html"
"refsource": "BUGTRAQ",
"name": "20010327 SCO 5.0.6 issues (lpusers)",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html"
},
{
"name" : "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes",
"refsource" : "BUGTRAQ",
"url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html"
"name": "sco-openserver-lpusers-bo(6292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6292"
},
{
"name" : "sco-openserver-lpusers-bo(6292)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6292"
"name": "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes",
"refsource": "BUGTRAQ",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html"
}
]
}

74
2001/0xxx/CVE-2001-0739.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0739",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0739",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges."
"lang": "eng",
"value": "Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "RHSA-2001:126",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-126.html"
"name": "ESA-20010529-02",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1404.html"
},
{
"name" : "ESA-20010529-02",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-1404.html"
"name": "RHSA-2001:126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-126.html"
},
{
"name" : "linux-webtool-inherit-privileges(7404)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7404"
"name": "linux-webtool-inherit-privileges(7404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7404"
}
]
}

80
2001/0xxx/CVE-2001-0923.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0923",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0923",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried."
"lang": "eng",
"value": "RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20011025 Advisory: Corrupt RPM Query Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/222542"
"name": "20011025 Advisory: Corrupt RPM Query Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/222542"
},
{
"name" : "CLA-2001:440",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440"
"name": "CLA-2001:440",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440"
},
{
"name" : "3472",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3472"
"name": "Linux-rpm-execute-code(7349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7349"
},
{
"name" : "Linux-rpm-execute-code(7349)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7349"
"name": "3472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3472"
}
]
}

122
2008/0xxx/CVE-2008-0127.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0127",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0127",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet."
"lang": "eng",
"value": "The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485992/100/0/threaded"
"name": "4878",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4878"
},
{
"name" : "20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486035/100/0/threaded"
"name": "3530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3530"
},
{
"name" : "4878",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4878"
"name": "ADV-2008-0087",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0087"
},
{
"name" : "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472",
"refsource" : "CONFIRM",
"url" : "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472"
"name": "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472"
},
{
"name" : "27197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27197"
"name": "mcafee-ebusiness-authentication-packet-dos(39561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39561"
},
{
"name" : "ADV-2008-0087",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0087"
"name": "20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486035/100/0/threaded"
},
{
"name" : "1019170",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019170"
"name": "28408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28408"
},
{
"name" : "28408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28408"
"name": "1019170",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019170"
},
{
"name" : "3530",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3530"
"name": "mcafee-ebusiness-packet-code-execution(39563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39563"
},
{
"name" : "mcafee-ebusiness-packet-code-execution(39563)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39563"
"name": "20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485992/100/0/threaded"
},
{
"name" : "mcafee-ebusiness-authentication-packet-dos(39561)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39561"
"name": "27197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27197"
}
]
}

92
2008/1xxx/CVE-2008-1222.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1222",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1222",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://projects.dokeos.com/index.php?do=details&task_id=2312",
"refsource" : "CONFIRM",
"url" : "http://projects.dokeos.com/index.php?do=details&task_id=2312"
"name": "ADV-2008-0798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name" : "http://www.dokeos.com/wiki/index.php/Security",
"refsource" : "CONFIRM",
"url" : "http://www.dokeos.com/wiki/index.php/Security"
"name": "29254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29254"
},
{
"name" : "28121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28121"
"name": "28121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28121"
},
{
"name" : "ADV-2008-0798",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0798"
"name": "http://projects.dokeos.com/index.php?do=details&task_id=2312",
"refsource": "CONFIRM",
"url": "http://projects.dokeos.com/index.php?do=details&task_id=2312"
},
{
"name" : "29254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29254"
"name": "dokeos-unspecified-xss(41046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"name" : "dokeos-unspecified-xss(41046)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
"name": "http://www.dokeos.com/wiki/index.php/Security",
"refsource": "CONFIRM",
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
]
}

74
2008/1xxx/CVE-2008-1955.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1955",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1955",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html",
"refsource" : "MISC",
"url" : "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html"
"name": "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html",
"refsource": "MISC",
"url": "http://www.z0rlu.ownspace.org/index.php?/archives/52-MyBoard-1.0.12-XSS.html"
},
{
"name" : "28823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28823"
"name": "28823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28823"
},
{
"name" : "myboard-rep-xss(42024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42024"
"name": "myboard-rep-xss(42024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42024"
}
]
}

86
2008/5xxx/CVE-2008-5189.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5189",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5189",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function."
"lang": "eng",
"value": "CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d",
"refsource" : "CONFIRM",
"url" : "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d"
"name": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d",
"refsource": "CONFIRM",
"url": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d"
},
{
"name" : "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing",
"refsource" : "CONFIRM",
"url" : "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing"
"name": "32359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32359"
},
{
"name" : "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk",
"refsource" : "CONFIRM",
"url" : "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk"
"name": "SUSE-SR:2008:027",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
},
{
"name" : "SUSE-SR:2008:027",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
"name": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing"
},
{
"name" : "32359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32359"
"name": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk"
}
]
}

128
2008/5xxx/CVE-2008-5394.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5394",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5394",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry."
"lang": "eng",
"value": "/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081130 /bin/login gives root to group utmp",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
"name": "52200",
"refsource": "OSVDB",
"url": "http://osvdb.org/52200"
},
{
"name" : "7313",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7313"
"name": "http://bugs.debian.org/505271",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/505271"
},
{
"name" : "http://bugs.debian.org/332198",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/332198"
"name": "32552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32552"
},
{
"name" : "http://bugs.debian.org/505071",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/505071"
"name": "http://bugs.debian.org/332198",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/332198"
},
{
"name" : "http://bugs.debian.org/505271",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/505271"
"name": "debian-login-symlink(47037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
},
{
"name" : "GLSA-200903-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-24.xml"
"name": "GLSA-200903-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-24.xml"
},
{
"name" : "MDVSA-2009:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
"name": "MDVSA-2009:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:062"
},
{
"name" : "USN-695-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-695-1"
"name": "20081130 /bin/login gives root to group utmp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498769/100/0/threaded"
},
{
"name" : "32552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32552"
"name": "7313",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7313"
},
{
"name" : "52200",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52200"
"name": "4695",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4695"
},
{
"name" : "4695",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4695"
"name": "http://bugs.debian.org/505071",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/505071"
},
{
"name" : "debian-login-symlink(47037)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47037"
"name": "USN-695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-695-1"
}
]
}

80
2008/5xxx/CVE-2008-5540.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5540",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5540",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
"lang": "eng",
"value": "Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
"name": "4723",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4723"
},
{
"name" : "4723",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4723"
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name" : "multiple-antivirus-mzheader-code-execution(47435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
]
}

74
2008/5xxx/CVE-2008-5659.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5659",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5659",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
"lang": "eng",
"value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/12/06/2"
"name": "classpath-gnujavasecurityutil-weak-security(47574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
},
{
"name" : "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417",
"refsource" : "CONFIRM",
"url" : "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
"name": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417",
"refsource": "CONFIRM",
"url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
},
{
"name" : "classpath-gnujavasecurityutil-weak-security(47574)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
"name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
}
]
}

80
2008/5xxx/CVE-2008-5895.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5895",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5895",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter."
"lang": "eng",
"value": "SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "7476",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7476"
"name": "4905",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4905"
},
{
"name" : "32836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32836"
"name": "32836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32836"
},
{
"name" : "33176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33176"
"name": "7476",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7476"
},
{
"name" : "4905",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4905"
"name": "33176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33176"
}
]
}

152
2011/2xxx/CVE-2011-2362.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2362",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2362",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers."
"lang": "eng",
"value": "Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html"
"name": "MDVSA-2011:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616264",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=616264"
"name": "45002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45002"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100144854",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144854"
"name": "http://support.avaya.com/css/P8/documents/100145333",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100145333"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100145333",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100145333"
"name": "USN-1149-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1149-1"
},
{
"name" : "DSA-2268",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2268"
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-24.html"
},
{
"name" : "DSA-2269",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2269"
"name": "http://support.avaya.com/css/P8/documents/100144854",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144854"
},
{
"name" : "DSA-2273",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2273"
"name": "RHSA-2011:0887",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
},
{
"name" : "MDVSA-2011:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=616264",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=616264"
},
{
"name" : "RHSA-2011:0885",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
"name": "RHSA-2011:0885",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
},
{
"name" : "RHSA-2011:0886",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
"name": "DSA-2268",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2268"
},
{
"name" : "RHSA-2011:0887",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
"name": "RHSA-2011:0888",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
},
{
"name" : "RHSA-2011:0888",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
"name": "oval:org.mitre.oval:def:13693",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693"
},
{
"name" : "SUSE-SA:2011:028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
"name": "DSA-2269",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2269"
},
{
"name" : "USN-1149-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1149-1"
"name": "SUSE-SA:2011:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name" : "oval:org.mitre.oval:def:13693",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693"
"name": "RHSA-2011:0886",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html"
},
{
"name" : "45002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45002"
"name": "DSA-2273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2273"
}
]
}

62
2013/0xxx/CVE-2013-0108.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0108",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-0108",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document."
"lang": "eng",
"value": "An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf"
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-053-02.pdf"
}
]
}

74
2013/0xxx/CVE-2013-0740.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0740",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0740",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer."
"lang": "eng",
"value": "Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "61383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61383"
"name": "52742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52742"
},
{
"name" : "95545",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95545"
"name": "95545",
"refsource": "OSVDB",
"url": "http://osvdb.org/95545"
},
{
"name" : "52742",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52742"
"name": "61383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61383"
}
]
}

62
2013/0xxx/CVE-2013-0970.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0970",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-0970",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL."
"lang": "eng",
"value": "Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "APPLE-SA-2013-03-14-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
}
]
}

86
2013/1xxx/CVE-2013-1012.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1012",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-1012",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT5785",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5785"
"name": "http://support.apple.com/kb/HT5785",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5785"
},
{
"name" : "http://support.apple.com/kb/HT5934",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5934"
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name" : "APPLE-SA-2013-06-04-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name" : "APPLE-SA-2013-09-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
"name": "APPLE-SA-2013-06-04-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
},
{
"name" : "54886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54886"
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}

68
2013/3xxx/CVE-2013-3003.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3003",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3003",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21641655",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21641655"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21641655",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21641655"
},
{
"name" : "ims-cve20133003-command-injection(84129)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84129"
"name": "ims-cve20133003-command-injection(84129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84129"
}
]
}

74
2013/3xxx/CVE-2013-3152.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3152",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3152",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3146."
"lang": "eng",
"value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3146."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS13-055",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
"name": "MS13-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
},
{
"name" : "TA13-190A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A"
"name": "TA13-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-190A"
},
{
"name" : "oval:org.mitre.oval:def:16975",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16975"
"name": "oval:org.mitre.oval:def:16975",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16975"
}
]
}

74
2013/3xxx/CVE-2013-3197.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3197",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3197",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3196 and CVE-2013-3198."
"lang": "eng",
"value": "The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3196 and CVE-2013-3198."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS13-063",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063"
"name": "MS13-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-063"
},
{
"name" : "TA13-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A"
"name": "oval:org.mitre.oval:def:18364",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364"
},
{
"name" : "oval:org.mitre.oval:def:18364",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18364"
"name": "TA13-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
}
]
}

80
2013/4xxx/CVE-2013-4379.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4379",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4379",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL."
"lang": "eng",
"value": "The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20130927 Re: CVE request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/09/27/6"
"name": "https://drupal.org/node/2081637",
"refsource": "MISC",
"url": "https://drupal.org/node/2081637"
},
{
"name" : "https://drupal.org/node/2081637",
"refsource" : "MISC",
"url" : "https://drupal.org/node/2081637"
"name": "https://drupal.org/node/2081647",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2081647"
},
{
"name" : "https://drupal.org/node/2081647",
"refsource" : "CONFIRM",
"url" : "https://drupal.org/node/2081647"
"name": "54634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54634"
},
{
"name" : "54634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54634"
"name": "[oss-security] 20130927 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/27/6"
}
]
}

80
2013/4xxx/CVE-2013-4708.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4708",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4708",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic."
"lang": "eng",
"value": "The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.seil.jp/support/security/a01388.html",
"refsource" : "CONFIRM",
"url" : "http://www.seil.jp/support/security/a01388.html"
"name": "http://www.seil.jp/support/security/a01388.html",
"refsource": "CONFIRM",
"url": "http://www.seil.jp/support/security/a01388.html"
},
{
"name" : "JVN#40079308",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN40079308/index.html"
"name": "JVN#40079308",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN40079308/index.html"
},
{
"name" : "JVNDB-2013-000091",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html"
"name": "97619",
"refsource": "OSVDB",
"url": "http://osvdb.org/97619"
},
{
"name" : "97619",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/97619"
"name": "JVNDB-2013-000091",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html"
}
]
}

22
2013/4xxx/CVE-2013-4976.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4976",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4976",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/7xxx/CVE-2013-7126.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7126",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7126",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

68
2017/12xxx/CVE-2017-12139.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12139",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12139",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php."
"lang": "eng",
"value": "XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/XOOPS/XoopsCore25/issues/524",
"refsource" : "CONFIRM",
"url" : "https://github.com/XOOPS/XoopsCore25/issues/524"
"name": "https://github.com/XOOPS/XoopsCore25/issues/524",
"refsource": "CONFIRM",
"url": "https://github.com/XOOPS/XoopsCore25/issues/524"
},
{
"name" : "100094",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100094"
"name": "100094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100094"
}
]
}

68
2017/12xxx/CVE-2017-12711.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-12711",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12711",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Advantech WebAccess",
"version" : {
"version_data" : [
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value" : "Advantech WebAccess"
"version_value": "Advantech WebAccess"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges."
"lang": "eng",
"value": "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-266"
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02"
},
{
"name" : "100526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100526"
"name": "100526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100526"
}
]
}

68
2017/12xxx/CVE-2017-12858.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12858",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12858",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors."
"lang": "eng",
"value": "Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796",
"refsource" : "CONFIRM",
"url" : "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"
"name": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796",
"refsource": "CONFIRM",
"url": "https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796"
},
{
"name" : "100459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100459"
"name": "100459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100459"
}
]
}

62
2017/12xxx/CVE-2017-12948.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12948",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12948",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Core\\Admin\\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF."
"lang": "eng",
"value": "Core\\Admin\\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf",
"refsource" : "MISC",
"url" : "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf"
"name": "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf",
"refsource": "MISC",
"url": "http://www.defensecode.com/advisories/DC-2017-05-007_WordPress_PressForward_Plugin_Advisory.pdf"
}
]
}

184
2017/13xxx/CVE-2017-13086.json
View File

@ -1,164 +1,164 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13086",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13086",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Wi-Fi Protected Access (WPA and WPA2)",
"version" : {
"version_data" : [
"product_name": "Wi-Fi Protected Access (WPA and WPA2)",
"version": {
"version_data": [
{
"version_value" : "WPA"
"version_value": "WPA"
},
{
"version_value" : "WPA2"
"version_value": "WPA2"
}
]
}
}
]
},
"vendor_name" : "Wi-Fi Alliance"
"vendor_name": "Wi-Fi Alliance"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
"lang": "eng",
"value": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-323: Reusing a Nonce, Key Pair in Encryption"
"lang": "eng",
"value": "CWE-323: Reusing a Nonce, Key Pair in Encryption"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.krackattacks.com/",
"refsource" : "MISC",
"url" : "https://www.krackattacks.com/"
"name": "1039581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"name" : "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt",
"refsource" : "MISC",
"url" : "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
"name": "101274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
"name": "DSA-3999",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"name" : "https://access.redhat.com/security/vulnerabilities/kracks",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/vulnerabilities/kracks"
"name": "1039578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039578"
},
{
"name" : "https://support.lenovo.com/us/en/product_security/LEN-17420",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/product_security/LEN-17420"
"name": "https://access.redhat.com/security/vulnerabilities/kracks",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"name" : "https://source.android.com/security/bulletin/2017-11-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-11-01"
"name": "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
"name": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt",
"refsource": "MISC",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"name" : "https://cert.vde.com/en-us/advisories/vde-2017-005",
"refsource" : "CONFIRM",
"url" : "https://cert.vde.com/en-us/advisories/vde-2017-005"
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"name" : "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
"name": "1039577",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"name" : "DSA-3999",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3999"
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name" : "FreeBSD-SA-17:07",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
"name": "GLSA-201711-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"name" : "GLSA-201711-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-03"
"name": "RHSA-2017:2907",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"name" : "RHSA-2017:2907",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2907"
"name": "https://support.lenovo.com/us/en/product_security/LEN-17420",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"name" : "USN-3455-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3455-1"
"name": "FreeBSD-SA-17:07",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"name" : "VU#228519",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/228519"
"name": "https://www.krackattacks.com/",
"refsource": "MISC",
"url": "https://www.krackattacks.com/"
},
{
"name" : "101274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101274"
"name": "1039573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"name" : "1039573",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039573"
"name": "1039576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"name" : "1039576",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039576"
"name": "VU#228519",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"name" : "1039577",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039577"
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"name" : "1039578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039578"
"name": "https://cert.vde.com/en-us/advisories/vde-2017-005",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"name" : "1039581",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039581"
"name": "USN-3455-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
]
}

22
2017/13xxx/CVE-2017-13476.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13476",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13476",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2017/13xxx/CVE-2017-13764.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13764",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13764",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation."
"lang": "eng",
"value": "In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925"
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94"
"name": "100545",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100545"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2017-40.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2017-40.html"
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925"
},
{
"name" : "100545",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100545"
"name": "https://www.wireshark.org/security/wnpa-sec-2017-40.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-40.html"
},
{
"name" : "1039254",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039254"
"name": "1039254",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039254"
}
]
}

68
2017/13xxx/CVE-2017-13828.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-13828",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13828",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Fonts\" component. It allows remote attackers to spoof the user interface via crafted text."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Fonts\" component. It allows remote attackers to spoof the user interface via crafted text."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name" : "1039710",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039710"
"name": "1039710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039710"
}
]
}

22
2017/13xxx/CVE-2017-13956.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13956",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13956",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/16xxx/CVE-2017-16589.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16589",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-16589",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value" : "8.3.1.21155"
"version_value": "8.3.1.21155"
}
]
}
}
]
},
"vendor_name" : "Foxit"
"vendor_name": "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977."
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-857",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-857"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "https://zerodayinitiative.com/advisories/ZDI-17-857",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-857"
}
]
}

70
2017/16xxx/CVE-2017-16863.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-01-14T00:00:00",
"ID" : "CVE-2017-16863",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-01-14T00:00:00",
"ID": "CVE-2017-16863",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Atlassian Jira",
"version" : {
"version_data" : [
"product_name": "Atlassian Jira",
"version": {
"version_data": [
{
"version_value" : "All versions prior to version 7.5.3"
"version_value": "All versions prior to version 7.5.3"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
"vendor_name": "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter."
"lang": "eng",
"value": "The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jira.atlassian.com/browse/JRASERVER-66623",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-66623"
"name": "https://jira.atlassian.com/browse/JRASERVER-66623",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-66623"
},
{
"name" : "102732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102732"
"name": "102732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102732"
}
]
}

62
2017/17xxx/CVE-2017-17968.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17968",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17968",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response."
"lang": "eng",
"value": "A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43408",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43408/"
"name": "43408",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43408/"
}
]
}

22
2018/18xxx/CVE-2018-18030.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18030",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18030",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/18xxx/CVE-2018-18406.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18406",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18406",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/18xxx/CVE-2018-18633.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18633",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18633",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/18xxx/CVE-2018-18852.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18852",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18852",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/18xxx/CVE-2018-18863.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18863",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18863",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/18xxx/CVE-2018-18969.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18969",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18969",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/19xxx/CVE-2018-19263.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19263",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-19263",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}

92
2018/19xxx/CVE-2018-19788.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19788",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19788",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
"lang": "eng",
"value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
"name": "USN-3861-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name" : "https://bugs.debian.org/915332",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/915332"
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name" : "https://gitlab.freedesktop.org/polkit/polkit/issues/74",
"refsource" : "MISC",
"url" : "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
"name": "USN-3861-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"name" : "DSA-4350",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4350"
"name": "https://bugs.debian.org/915332",
"refsource": "MISC",
"url": "https://bugs.debian.org/915332"
},
{
"name" : "USN-3861-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3861-1/"
"name": "https://gitlab.freedesktop.org/polkit/polkit/issues/74",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name" : "USN-3861-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3861-2/"
"name": "DSA-4350",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4350"
}
]
}

22
2018/1xxx/CVE-2018-1033.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1033",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1033",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

100
2018/1xxx/CVE-2018-1058.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-03-01T00:00:00",
"ID" : "CVE-2018-1058",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-01T00:00:00",
"ID": "CVE-2018-1058",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value" : "9.3 - 10"
"version_value": "9.3 - 10"
}
]
}
}
]
},
"vendor_name" : "The PostgreSQL Global Development Group"
"vendor_name": "The PostgreSQL Global Development Group"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected."
"lang": "eng",
"value": "A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-20"
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547044",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547044"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547044"
},
{
"name" : "https://www.postgresql.org/about/news/1834/",
"refsource" : "CONFIRM",
"url" : "https://www.postgresql.org/about/news/1834/"
"name": "USN-3589-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3589-1/"
},
{
"name" : "RHSA-2018:2511",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2511"
"name": "103221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103221"
},
{
"name" : "RHSA-2018:2566",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2566"
"name": "https://www.postgresql.org/about/news/1834/",
"refsource": "CONFIRM",
"url": "https://www.postgresql.org/about/news/1834/"
},
{
"name" : "RHSA-2018:3816",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3816"
"name": "RHSA-2018:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2511"
},
{
"name" : "USN-3589-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3589-1/"
"name": "RHSA-2018:2566",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2566"
},
{
"name" : "103221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103221"
"name": "RHSA-2018:3816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3816"
}
]
}

106
2018/1xxx/CVE-2018-1083.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00",
"ID" : "CVE-2018-1083",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-26T00:00:00",
"ID": "CVE-2018-1083",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "zsh",
"version" : {
"version_data" : [
"product_name": "zsh",
"version": {
"version_data": [
{
"version_value" : "before zsh 5.4.2-test-1"
"version_value": "before zsh 5.4.2-test-1"
}
]
}
}
]
},
"vendor_name" : "zsh"
"vendor_name": "zsh"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation."
"lang": "eng",
"value": "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-120->CWE-121"
"lang": "eng",
"value": "CWE-120->CWE-121"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
"name": "USN-3608-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3608-1/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1557382",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1557382"
"name": "103572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103572"
},
{
"name" : "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7"
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name" : "GLSA-201805-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-10"
"name": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7"
},
{
"name" : "RHSA-2018:1932",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1932"
"name": "RHSA-2018:1932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"name" : "RHSA-2018:3073",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3073"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382"
},
{
"name" : "USN-3608-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3608-1/"
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name" : "103572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103572"
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
]
}

70
2018/1xxx/CVE-2018-1141.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2018-1141",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1141",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Nessus",
"version" : {
"version_data" : [
"product_name": "Nessus",
"version": {
"version_data": [
{
"version_value" : "All versions prior to 7.0.3"
"version_value": "All versions prior to 7.0.3"
}
]
}
}
]
},
"vendor_name" : "Tenable"
"vendor_name": "Tenable"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location."
"lang": "eng",
"value": "When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Local Privilege Escalation"
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.tenable.com/security/tns-2018-01",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2018-01"
"name": "https://www.tenable.com/security/tns-2018-01",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-01"
},
{
"name" : "1040557",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040557"
"name": "1040557",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040557"
}
]
}

82
2018/1xxx/CVE-2018-1186.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2018-1186",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1186",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Isilon OneFS",
"version" : {
"version_data" : [
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value" : "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
"vendor_name": "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website."
"lang": "eng",
"value": "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability"
"lang": "eng",
"value": "Cross-site scripting vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44039",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44039/"
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name" : "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/50"
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name" : "103033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103033"
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}

120
2018/1xxx/CVE-2018-1764.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-08T00:00:00",
"ID" : "CVE-2018-1764",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-08T00:00:00",
"ID": "CVE-2018-1764",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value" : "5.0"
"version_value": "5.0"
},
{
"version_value" : "5.0.1"
"version_value": "5.0.1"
},
{
"version_value" : "5.0.2"
"version_value": "5.0.2"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "6.0.2"
"version_value": "6.0.2"
},
{
"version_value" : "6.0.3"
"version_value": "6.0.3"
},
{
"version_value" : "6.0.4"
"version_value": "6.0.4"
},
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "6.0.6"
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618."
"lang": "eng",
"value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
"name": "ibm-rqm-cve20181764-xss(148618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148618"
},
{
"name" : "ibm-rqm-cve20181764-xss(148618)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148618"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
}
]
}

128
2018/5xxx/CVE-2018-5096.json
View File

@ -1,118 +1,118 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5096",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5096",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52.6"
"version_affected": "<",
"version_value": "52.6"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52.6"
"version_affected": "<",
"version_value": "52.6"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
"vendor_name": "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6."
"lang": "eng",
"value": "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use-after-free while editing form elements"
"lang": "eng",
"value": "Use-after-free while editing form elements"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
"name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922"
"name": "DSA-4096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-03/"
"name": "RHSA-2018:0262",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-04/"
"name": "102771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102771"
},
{
"name" : "DSA-4096",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4096"
"name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name" : "DSA-4102",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4102"
"name": "RHSA-2018:0122",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"name" : "RHSA-2018:0122",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0122"
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name" : "RHSA-2018:0262",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0262"
"name": "DSA-4102",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4102"
},
{
"name" : "102771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102771"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1418922"
}
]
}

62
2018/5xxx/CVE-2018-5308.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5308",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5308",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file."
"lang": "eng",
"value": "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532390",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532390"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1532390",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532390"
}
]
}

22
2018/5xxx/CVE-2018-5597.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5597",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5597",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}