admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:31:55 +00:00
parent 188ef8892b
commit cafc171436
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4573 additions and 4573 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2008/0xxx/CVE-2008-0527.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-0527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml"
},
{
"name" : "27774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27774"
},
{
"name" : "ADV-2008-0543",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0543"
},
{
"name" : "1019408",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019408"
},
{
"name" : "28935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28935"
},
{
"name" : "cisco-unifiedipphone-httpserver-dos(40489)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40489"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml"
},
{
"name": "1019408",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019408"
},
{
"name": "cisco-unifiedipphone-httpserver-dos(40489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40489"
},
{
"name": "27774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27774"
},
{
"name": "ADV-2008-0543",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0543"
},
{
"name": "28935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28935"
}
]
}
}

550
2008/0xxx/CVE-2008-0553.json
View File

@ -1,277 +1,277 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080212 rPSA-2008-0054-1 tk",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
},
{
"name" : "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=431518",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0054",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2215",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2215"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name" : "DSA-1490",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1490"
},
{
"name" : "DSA-1491",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1491"
},
{
"name" : "DSA-1598",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1598"
},
{
"name" : "FEDORA-2008-1122",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
},
{
"name" : "FEDORA-2008-1131",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
},
{
"name" : "FEDORA-2008-1323",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
},
{
"name" : "FEDORA-2008-1384",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
},
{
"name" : "FEDORA-2008-3545",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
},
{
"name" : "MDVSA-2008:041",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
},
{
"name" : "RHSA-2008:0135",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
},
{
"name" : "RHSA-2008:0134",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
},
{
"name" : "RHSA-2008:0136",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
},
{
"name" : "237465",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
},
{
"name" : "SUSE-SR:2008:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name" : "SUSE-SR:2008:013",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name" : "USN-664-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-664-1"
},
{
"name" : "27655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27655"
},
{
"name" : "oval:org.mitre.oval:def:10098",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
},
{
"name" : "32608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32608"
},
{
"name" : "ADV-2008-0430",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0430"
},
{
"name" : "ADV-2008-1456",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1456/references"
},
{
"name" : "ADV-2008-1744",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name" : "1019309",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019309"
},
{
"name" : "28784",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28784"
},
{
"name" : "28807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28807"
},
{
"name" : "28848",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28848"
},
{
"name" : "28857",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28857"
},
{
"name" : "28867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28867"
},
{
"name" : "28954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28954"
},
{
"name" : "29069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29069"
},
{
"name" : "29070",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29070"
},
{
"name" : "29622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29622"
},
{
"name" : "30129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30129"
},
{
"name" : "30535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30535"
},
{
"name" : "30783",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30783"
},
{
"name" : "30717",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30717"
},
{
"name" : "30188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30188"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30129"
},
{
"name": "28784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28784"
},
{
"name": "RHSA-2008:0134",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0134.html"
},
{
"name": "DSA-1598",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1598"
},
{
"name": "20080212 rPSA-2008-0054-1 tk",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488069/100/0/threaded"
},
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "29622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29622"
},
{
"name": "27655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27655"
},
{
"name": "SUSE-SR:2008:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name": "USN-664-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-664-1"
},
{
"name": "ADV-2008-1456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1456/references"
},
{
"name": "28857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28857"
},
{
"name": "30783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30783"
},
{
"name": "https://issues.rpath.com/browse/RPL-2215",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2215"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "oval:org.mitre.oval:def:10098",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098"
},
{
"name": "DSA-1490",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1490"
},
{
"name": "237465",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1"
},
{
"name": "RHSA-2008:0136",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0136.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431518",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431518"
},
{
"name": "ADV-2008-0430",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0430"
},
{
"name": "28954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28954"
},
{
"name": "30535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30535"
},
{
"name": "30188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30188"
},
{
"name": "FEDORA-2008-1131",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "FEDORA-2008-1384",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html"
},
{
"name": "FEDORA-2008-1122",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html"
},
{
"name": "32608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32608"
},
{
"name": "29070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29070"
},
{
"name": "FEDORA-2008-3545",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html"
},
{
"name": "28848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28848"
},
{
"name": "RHSA-2008:0135",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0135.html"
},
{
"name": "29069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29069"
},
{
"name": "FEDORA-2008-1323",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html"
},
{
"name": "28867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28867"
},
{
"name": "1019309",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019309"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0054",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0054"
},
{
"name": "MDVSA-2008:041",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:041"
},
{
"name": "DSA-1491",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1491"
},
{
"name": "28807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28807"
},
{
"name": "SUSE-SR:2008:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30717"
}
]
}
}

550
2008/0xxx/CVE-2008-0592.json
View File

@ -1,277 +1,277 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080209 rPSA-2008-0051-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
},
{
"name" : "20080212 FLEA-2008-0001-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=387258",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=387258"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
},
{
"name" : "http://browser.netscape.com/releasenotes/",
"refsource" : "CONFIRM",
"url" : "http://browser.netscape.com/releasenotes/"
},
{
"name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
},
{
"name" : "DSA-1484",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1484"
},
{
"name" : "DSA-1485",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1485"
},
{
"name" : "DSA-1489",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1489"
},
{
"name" : "DSA-1506",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1506"
},
{
"name" : "FEDORA-2008-1435",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
},
{
"name" : "FEDORA-2008-1459",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
},
{
"name" : "FEDORA-2008-1535",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
},
{
"name" : "FEDORA-2008-2060",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
},
{
"name" : "FEDORA-2008-2118",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
},
{
"name" : "GLSA-200805-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name" : "MDVSA-2008:048",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
},
{
"name" : "RHSA-2008:0103",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
},
{
"name" : "RHSA-2008:0104",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
},
{
"name" : "RHSA-2008:0105",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
},
{
"name" : "238492",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name" : "SUSE-SA:2008:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
},
{
"name" : "USN-576-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-576-1"
},
{
"name" : "27683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27683"
},
{
"name" : "oval:org.mitre.oval:def:9972",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9972"
},
{
"name" : "ADV-2008-0453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0453/references"
},
{
"name" : "ADV-2008-0627",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0627/references"
},
{
"name" : "ADV-2008-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name" : "1019340",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019340"
},
{
"name" : "28818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28818"
},
{
"name" : "28754",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28754"
},
{
"name" : "28864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28864"
},
{
"name" : "28865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28865"
},
{
"name" : "28877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28877"
},
{
"name" : "28879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28879"
},
{
"name" : "28924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28924"
},
{
"name" : "28939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28939"
},
{
"name" : "28958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28958"
},
{
"name" : "29086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29086"
},
{
"name" : "29167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29167"
},
{
"name" : "29567",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29567"
},
{
"name" : "30327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30327"
},
{
"name" : "30620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30620"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0104",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
},
{
"name": "USN-576-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-576-1"
},
{
"name": "http://browser.netscape.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://browser.netscape.com/releasenotes/"
},
{
"name": "28939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28939"
},
{
"name": "DSA-1506",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1506"
},
{
"name": "FEDORA-2008-2118",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
},
{
"name": "FEDORA-2008-2060",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
},
{
"name": "28818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28818"
},
{
"name": "30620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30620"
},
{
"name": "28865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28865"
},
{
"name": "ADV-2008-0453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0453/references"
},
{
"name": "oval:org.mitre.oval:def:9972",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9972"
},
{
"name": "RHSA-2008:0103",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
},
{
"name": "28877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28877"
},
{
"name": "28879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28879"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=387258",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=387258"
},
{
"name": "29167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29167"
},
{
"name": "29567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29567"
},
{
"name": "RHSA-2008:0105",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
},
{
"name": "28958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28958"
},
{
"name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
},
{
"name": "30327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30327"
},
{
"name": "238492",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name": "1019340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019340"
},
{
"name": "DSA-1489",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1489"
},
{
"name": "20080212 FLEA-2008-0001-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
},
{
"name": "20080209 rPSA-2008-0051-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
},
{
"name": "29086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29086"
},
{
"name": "28864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28864"
},
{
"name": "DSA-1485",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1485"
},
{
"name": "28924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28924"
},
{
"name": "27683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27683"
},
{
"name": "ADV-2008-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name": "SUSE-SA:2008:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
},
{
"name": "FEDORA-2008-1459",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
},
{
"name": "FEDORA-2008-1535",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
},
{
"name": "DSA-1484",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1484"
},
{
"name": "ADV-2008-0627",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0627/references"
},
{
"name": "GLSA-200805-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-09.html"
},
{
"name": "28754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28754"
},
{
"name": "FEDORA-2008-1435",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
},
{
"name": "MDVSA-2008:048",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
}
]
}
}

260
2008/0xxx/CVE-2008-0780.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7",
"refsource" : "CONFIRM",
"url" : "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name" : "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d",
"refsource" : "CONFIRM",
"url" : "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=432747",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"name" : "DSA-1514",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1514"
},
{
"name" : "FEDORA-2008-1880",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name" : "FEDORA-2008-1905",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name" : "GLSA-200803-27",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name" : "USN-716-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/716-1/"
},
{
"name" : "27904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27904"
},
{
"name" : "ADV-2008-0569",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name" : "29010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29010"
},
{
"name" : "28987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28987"
},
{
"name" : "29262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29262"
},
{
"name" : "29444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29444"
},
{
"name" : "33755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432747",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}

170
2008/0xxx/CVE-2008-0901.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
},
{
"name" : "http://www.s21sec.com/avisos/s21sec-040-en.txt",
"refsource" : "MISC",
"url" : "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name" : "BEA08-197.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name" : "ADV-2008-0612",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name" : "1019449",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019449"
},
{
"name" : "29041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-197.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
]
}
}

130
2008/1xxx/CVE-2008-1132.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=579181",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=579181"
},
{
"name" : "29097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=579181",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=579181"
},
{
"name": "29097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29097"
}
]
}
}

160
2008/1xxx/CVE-2008-1266.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080301 The Router Hacking Challenge is Over!",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource" : "MISC",
"url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name" : "28439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28439"
},
{
"name" : "29366",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29366"
},
{
"name" : "dlink-di524-interface-dos(41125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "28439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28439"
},
{
"name": "29366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29366"
},
{
"name": "dlink-di524-interface-dos(41125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41125"
}
]
}
}

200
2008/3xxx/CVE-2008-3018.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the \"Malformed PICT Filter Vulnerability,\" a different vulnerability than CVE-2008-3021."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02360",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "SSRT080117",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "MS08-044",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
},
{
"name" : "TA08-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name" : "30597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30597"
},
{
"name" : "oval:org.mitre.oval:def:5879",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5879"
},
{
"name" : "ADV-2008-2348",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2348"
},
{
"name" : "1020673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020673"
},
{
"name" : "31336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the \"Malformed PICT Filter Vulnerability,\" a different vulnerability than CVE-2008-3021."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS08-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
},
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "30597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30597"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "1020673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020673"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "ADV-2008-2348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2348"
},
{
"name": "31336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31336"
},
{
"name": "oval:org.mitre.oval:def:5879",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5879"
}
]
}
}

200
2008/3xxx/CVE-2008-3020.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the \"Malformed BMP Filter Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02360",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "SSRT080117",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "MS08-044",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
},
{
"name" : "TA08-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name" : "30599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30599"
},
{
"name" : "oval:org.mitre.oval:def:5868",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5868"
},
{
"name" : "ADV-2008-2348",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2348"
},
{
"name" : "1020673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020673"
},
{
"name" : "31336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the \"Malformed BMP Filter Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS08-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
},
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "1020673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020673"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "ADV-2008-2348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2348"
},
{
"name": "31336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31336"
},
{
"name": "30599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30599"
},
{
"name": "oval:org.mitre.oval:def:5868",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5868"
}
]
}
}

210
2008/3xxx/CVE-2008-3514.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495386/100/0/threaded"
},
{
"name" : "http://www.insomniasec.com/advisories/ISVA-080812.1.htm",
"refsource" : "MISC",
"url" : "http://www.insomniasec.com/advisories/ISVA-080812.1.htm"
},
{
"name" : "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0012.html"
},
{
"name" : "30664",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30664"
},
{
"name" : "ADV-2008-2363",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2363"
},
{
"name" : "1020693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020693"
},
{
"name" : "31468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31468"
},
{
"name" : "4150",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4150"
},
{
"name" : "virtualcenter-backend-info-disclosure(44425)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side \"enabled/disabled functionality\" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an \"attempt to assign permissions to other system users.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html"
},
{
"name": "31468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31468"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0012.html"
},
{
"name": "ADV-2008-2363",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2363"
},
{
"name": "virtualcenter-backend-info-disclosure(44425)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44425"
},
{
"name": "4150",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4150"
},
{
"name": "1020693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020693"
},
{
"name": "30664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30664"
},
{
"name": "20080812 VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495386/100/0/threaded"
},
{
"name": "http://www.insomniasec.com/advisories/ISVA-080812.1.htm",
"refsource": "MISC",
"url": "http://www.insomniasec.com/advisories/ISVA-080812.1.htm"
}
]
}
}

170
2008/3xxx/CVE-2008-3728.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=121881329424635&w=2"
},
{
"name" : "http://www.oliverkarow.de/research/mailscan.txt",
"refsource" : "MISC",
"url" : "http://www.oliverkarow.de/research/mailscan.txt"
},
{
"name" : "30700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30700"
},
{
"name" : "31534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31534"
},
{
"name" : "4172",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4172"
},
{
"name" : "mailscan-admininterface-security-bypass(44518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4172",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4172"
},
{
"name": "30700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30700"
},
{
"name": "31534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31534"
},
{
"name": "20080815 Re: MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121881329424635&w=2"
},
{
"name": "mailscan-admininterface-security-bypass(44518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44518"
},
{
"name": "http://www.oliverkarow.de/research/mailscan.txt",
"refsource": "MISC",
"url": "http://www.oliverkarow.de/research/mailscan.txt"
}
]
}
}

160
2008/4xxx/CVE-2008-4083.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6332",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6332"
},
{
"name" : "30944",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30944"
},
{
"name" : "31661",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31661"
},
{
"name" : "4251",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4251"
},
{
"name" : "brim-index-xss(44790)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44790"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30944"
},
{
"name": "6332",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6332"
},
{
"name": "4251",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4251"
},
{
"name": "brim-index-xss(44790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44790"
},
{
"name": "31661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31661"
}
]
}
}

34
2008/4xxx/CVE-2008-4123.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4123",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4123",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2008/4xxx/CVE-2008-4331.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6563",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6563"
},
{
"name" : "31392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31392"
},
{
"name" : "phpocs-index-file-include(45424)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45424"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31392"
},
{
"name": "phpocs-index-file-include(45424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45424"
},
{
"name": "6563",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6563"
}
]
}
}

210
2008/4xxx/CVE-2008-4578.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the \"k\" right to create unauthorized \"parent/child/child\" mailboxes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081119 Re: [ MDVSA-2008:232 ] dovecot",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498498/100/0/threaded"
},
{
"name" : "[Dovecot-news] 20081005 v1.1.4 released",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=240409",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=240409"
},
{
"name" : "GLSA-200812-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-16.xml"
},
{
"name" : "MDVSA-2008:232",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232"
},
{
"name" : "31587",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31587"
},
{
"name" : "ADV-2008-2745",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2745"
},
{
"name" : "32164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32164"
},
{
"name" : "33149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33149"
},
{
"name" : "dovecot-acl-mailbox-security-bypass(45669)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the \"k\" right to create unauthorized \"parent/child/child\" mailboxes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32164"
},
{
"name": "dovecot-acl-mailbox-security-bypass(45669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45669"
},
{
"name": "33149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33149"
},
{
"name": "ADV-2008-2745",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2745"
},
{
"name": "31587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31587"
},
{
"name": "MDVSA-2008:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:232"
},
{
"name": "GLSA-200812-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-16.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=240409",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=240409"
},
{
"name": "[Dovecot-news] 20081005 v1.1.4 released",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot-news/2008-October/000085.html"
},
{
"name": "20081119 Re: [ MDVSA-2008:232 ] dovecot",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498498/100/0/threaded"
}
]
}
}

190
2013/2xxx/CVE-2013-2022.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130421 Vulnerabilities in jPlayer",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name" : "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2"
},
{
"name" : "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2"
},
{
"name" : "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2"
},
{
"name" : "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/27/7"
},
{
"name" : "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/07/04/5"
},
{
"name" : "http://www.jplayer.org/2.3.0/release-notes/",
"refsource" : "CONFIRM",
"url" : "http://www.jplayer.org/2.3.0/release-notes/"
},
{
"name" : "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373",
"refsource" : "CONFIRM",
"url" : "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter. NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373",
"refsource": "CONFIRM",
"url": "https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373"
},
{
"name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136773622321563&w=2"
},
{
"name": "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/27/7"
},
{
"name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136570964825921&w=2"
},
{
"name": "http://www.jplayer.org/2.3.0/release-notes/",
"refsource": "CONFIRM",
"url": "http://www.jplayer.org/2.3.0/release-notes/"
},
{
"name": "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/04/5"
},
{
"name": "20130421 Vulnerabilities in jPlayer",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136726705917858&w=2"
}
]
}
}

34
2013/2xxx/CVE-2013-2280.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2280",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2280",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2013/2xxx/CVE-2013-2555.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130418 VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html"
},
{
"name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157",
"refsource" : "MISC",
"url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157"
},
{
"name" : "http://twitter.com/VUPEN/statuses/309713355466227713",
"refsource" : "MISC",
"url" : "http://twitter.com/VUPEN/statuses/309713355466227713"
},
{
"name" : "http://twitter.com/thezdi/statuses/309756927301283840",
"refsource" : "MISC",
"url" : "http://twitter.com/thezdi/statuses/309756927301283840"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-11.html"
},
{
"name" : "HPSBMU02948",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139455789818399&w=2"
},
{
"name" : "RHSA-2013:0730",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0730.html"
},
{
"name" : "SUSE-SU-2013:0670",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html"
},
{
"name" : "openSUSE-SU-2013:0672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html"
},
{
"name" : "openSUSE-SU-2013:0675",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130418 VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html"
},
{
"name": "http://twitter.com/VUPEN/statuses/309713355466227713",
"refsource": "MISC",
"url": "http://twitter.com/VUPEN/statuses/309713355466227713"
},
{
"name": "SUSE-SU-2013:0670",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-11.html"
},
{
"name": "http://twitter.com/thezdi/statuses/309756927301283840",
"refsource": "MISC",
"url": "http://twitter.com/thezdi/statuses/309756927301283840"
},
{
"name": "HPSBMU02948",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139455789818399&w=2"
},
{
"name": "RHSA-2013:0730",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0730.html"
},
{
"name": "openSUSE-SU-2013:0672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html"
},
{
"name": "openSUSE-SU-2013:0675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html"
},
{
"name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157",
"refsource": "MISC",
"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157"
}
]
}
}

430
2013/2xxx/CVE-2013-2923.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=237800",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=237800"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=246724",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=246724"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=254728",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=254728"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=257852",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=257852"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=260138",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=260138"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=264211",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=264211"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=265493",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=265493"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=265731",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=265731"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=266593",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=266593"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=267068",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=267068"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=269835",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=269835"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=274020",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=274020"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=276111",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=276111"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=277656",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=277656"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=278366",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=278366"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=279286",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=279286"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=284792",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=284792"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=285380",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=285380"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=288761",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=288761"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=288771",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=288771"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=289648",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=289648"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=293521",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=293521"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=294023",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=294023"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=294202",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=294202"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=294206",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=294206"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=299016",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=299016"
},
{
"name" : "DSA-2785",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2785"
},
{
"name" : "openSUSE-SU-2013:1556",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name" : "openSUSE-SU-2013:1861",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:0065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"name" : "oval:org.mitre.oval:def:18103",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=237800",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=237800"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
},
{
"name": "oval:org.mitre.oval:def:18103",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18103"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=294206",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=294206"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=284792",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=284792"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=274020",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=274020"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=264211",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=264211"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=276111",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=276111"
},
{
"name": "openSUSE-SU-2014:0065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"name": "DSA-2785",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2785"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=265731",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=265731"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=288771",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=288771"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=254728",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=254728"
},
{
"name": "openSUSE-SU-2013:1556",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=294202",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=294202"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=288761",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=288761"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=246724",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=246724"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=266593",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=266593"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=299016",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=299016"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=260138",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=260138"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=279286",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=279286"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=277656",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=277656"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=294023",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=294023"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=257852",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=257852"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=269835",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=269835"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=267068",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=267068"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=293521",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=293521"
},
{
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=285380",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=285380"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=278366",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=278366"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=289648",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=289648"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=265493",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=265493"
}
]
}
}

34
2013/3xxx/CVE-2013-3130.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3130",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3660, CVE-2013-3661. Reason: This candidate is a reservation duplicate of CVE-2013-3660 and CVE-2013-3661. Notes: All CVE users should reference CVE-2013-3660 and/or CVE-2013-3661 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-3130",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3660, CVE-2013-3661. Reason: This candidate is a reservation duplicate of CVE-2013-3660 and CVE-2013-3661. Notes: All CVE users should reference CVE-2013-3660 and/or CVE-2013-3661 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2013/3xxx/CVE-2013-3419.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
}
]
}
}

170
2013/3xxx/CVE-2013-3445.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217"
},
{
"name" : "20130725 Cisco Identity Services Engine High CPU Utilization Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3445"
},
{
"name" : "61452",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61452"
},
{
"name" : "95659",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95659"
},
{
"name" : "1028837",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028837"
},
{
"name" : "cisco-ise-cve20133445-dos(85982)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95659",
"refsource": "OSVDB",
"url": "http://osvdb.org/95659"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30217"
},
{
"name": "61452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61452"
},
{
"name": "cisco-ise-cve20133445-dos(85982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85982"
},
{
"name": "1028837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028837"
},
{
"name": "20130725 Cisco Identity Services Engine High CPU Utilization Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3445"
}
]
}
}

34
2013/3xxx/CVE-2013-3681.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3681",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3681",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/6xxx/CVE-2013-6199.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6199",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6199",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/6xxx/CVE-2013-6326.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6326",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6326",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2013/6xxx/CVE-2013-6482.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.pidgin.im/news/security/?id=75",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=75"
},
{
"name" : "http://www.pidgin.im/news/security/?id=76",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=76"
},
{
"name" : "http://www.pidgin.im/news/security/?id=77",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=77"
},
{
"name" : "DSA-2859",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2859"
},
{
"name" : "RHSA-2014:0139",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2014-0139.html"
},
{
"name" : "openSUSE-SU-2014:0239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html"
},
{
"name" : "openSUSE-SU-2014:0326",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html"
},
{
"name" : "USN-2100-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2100-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html"
},
{
"name": "RHSA-2014:0139",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html"
},
{
"name": "http://www.pidgin.im/news/security/?id=75",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=75"
},
{
"name": "DSA-2859",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2859"
},
{
"name": "openSUSE-SU-2014:0239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html"
},
{
"name": "http://www.pidgin.im/news/security/?id=76",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=76"
},
{
"name": "USN-2100-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2100-1"
},
{
"name": "http://www.pidgin.im/news/security/?id=77",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=77"
}
]
}
}

120
2013/6xxx/CVE-2013-6955.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-6955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#615910",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/615910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#615910",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/615910"
}
]
}
}

34
2013/7xxx/CVE-2013-7046.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7046",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7046",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2013/7xxx/CVE-2013-7389.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
"refsource" : "MISC",
"url" : "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt"
},
{
"name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
"refsource" : "CONFIRM",
"url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008"
},
{
"name" : "61579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61579"
},
{
"name" : "95910",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/95910"
},
{
"name" : "95952",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/95952"
},
{
"name" : "95953",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/95953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
"refsource": "MISC",
"url": "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt"
},
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008"
},
{
"name": "95953",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/95953"
},
{
"name": "95952",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/95952"
},
{
"name": "95910",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/95910"
},
{
"name": "61579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61579"
}
]
}
}

198
2017/10xxx/CVE-2017-10071.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Universal Banking",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.3.0"
},
{
"version_affected" : "=",
"version_value" : "11.4.0"
},
{
"version_affected" : "=",
"version_value" : "12.0.1"
},
{
"version_affected" : "=",
"version_value" : "12.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.0.3"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.3.0"
},
{
"version_affected": "=",
"version_value": "11.4.0"
},
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.2"
},
{
"version_affected": "=",
"version_value": "12.0.3"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.2.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99866"
},
{
"name" : "1038934",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038934",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038934"
},
{
"name": "99866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99866"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

150
2017/10xxx/CVE-2017-10906.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fluentd",
"version" : {
"version_data" : [
{
"version_value" : "0.12.29 through 0.12.40"
}
]
}
}
]
},
"vendor_name" : "Cloud Native Computing Foundation (CNCF)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escape Sequence Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fluentd",
"version": {
"version_data": [
{
"version_value": "0.12.29 through 0.12.40"
}
]
}
}
]
},
"vendor_name": "Cloud Native Computing Foundation (CNCF)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jvn.jp/en/vu/JVNVU95124098/index.html",
"refsource" : "MISC",
"url" : "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"name" : "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes",
"refsource" : "CONFIRM",
"url" : "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"name" : "https://github.com/fluent/fluentd/pull/1733",
"refsource" : "CONFIRM",
"url" : "https://github.com/fluent/fluentd/pull/1733"
},
{
"name" : "RHSA-2018:2225",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2225"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escape Sequence Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2225",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95124098/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"name": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"name": "https://github.com/fluent/fluentd/pull/1733",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/pull/1733"
}
]
}
}

150
2017/14xxx/CVE-2017-14128.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22059",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22059"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780"
},
{
"name" : "GLSA-201801-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-01"
},
{
"name" : "100623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100623"
},
{
"name": "GLSA-201801-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-01"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22059",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22059"
}
]
}
}

34
2017/14xxx/CVE-2017-14815.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14815",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-14815",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

130
2017/14xxx/CVE-2017-14837.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-14837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "8.3.1.21155"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-14837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "8.3.1.21155"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-881",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-881"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-881",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-881"
}
]
}
}

140
2017/14xxx/CVE-2017-14937.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF",
"refsource" : "MISC",
"url" : "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF"
},
{
"name" : "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt",
"refsource" : "MISC",
"url" : "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt"
},
{
"name" : "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts",
"refsource" : "MISC",
"url" : "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/post/hardware/automotive/pdt"
},
{
"name": "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF",
"refsource": "MISC",
"url": "http://www.mmt.hs-karlsruhe.de/downloads/IEEM/Schwachstellen/PCU_Vulnerability_Description_HsKA.PDF"
},
{
"name": "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts",
"refsource": "MISC",
"url": "https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts"
}
]
}
}

120
2017/17xxx/CVE-2017-17010.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-17010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Content Manager Assistant for PlayStation",
"version" : {
"version_data" : [
{
"version_value" : "version 3.55.7671.0901 and earlier"
}
]
}
}
]
},
"vendor_name" : "Sony Interactive Entertainment Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-17010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Manager Assistant for PlayStation",
"version": {
"version_data": [
{
"version_value": "version 3.55.7671.0901 and earlier"
}
]
}
}
]
},
"vendor_name": "Sony Interactive Entertainment Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#95423049",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN95423049/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#95423049",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN95423049/index.html"
}
]
}
}

120
2017/17xxx/CVE-2017-17054.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/aubio/aubio/issues/148",
"refsource" : "MISC",
"url" : "https://github.com/aubio/aubio/issues/148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aubio/aubio/issues/148",
"refsource": "MISC",
"url": "https://github.com/aubio/aubio/issues/148"
}
]
}
}

34
2017/17xxx/CVE-2017-17444.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17444",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17444",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/17xxx/CVE-2017-17699.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3",
"refsource" : "MISC",
"url" : "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3",
"refsource": "MISC",
"url": "https://github.com/mmmxny/K7-Antivirus/tree/master/cve3"
}
]
}
}

150
2017/9xxx/CVE-2017-9142.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/490",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/490"
},
{
"name" : "DSA-3863",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3863"
},
{
"name" : "98683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a"
},
{
"name": "98683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98683"
},
{
"name": "DSA-3863",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3863"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/490",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/490"
}
]
}
}

204
2017/9xxx/CVE-2017-9286.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.com",
"DATE_PUBLIC" : "2017-10-04T00:00:00.000Z",
"ID" : "CVE-2017-9286",
"STATE" : "PUBLIC",
"TITLE" : "nextcloud package security issues with /srv/www/htdocs"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "nextcloud",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "11.0.3-3.1"
}
]
}
}
]
},
"vendor_name" : "SUSE"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Ludwig Nussel of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Using the untrusted hierarchy under /srv/wwwroot/htdocs during update as root user could be used to overwrite root files."
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-04T00:00:00.000Z",
"ID": "CVE-2017-9286",
"STATE": "PUBLIC",
"TITLE": "nextcloud package security issues with /srv/www/htdocs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nextcloud",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "11.0.3-3.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1036756",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1036756"
},
{
"name" : "https://www.suse.com/de-de/security/cve/CVE-2017-9286/",
"refsource" : "CONFIRM",
"url" : "https://www.suse.com/de-de/security/cve/CVE-2017-9286/"
},
{
"name" : "openSUSE-SU-2017:2641",
"refsource" : "SUSE",
"url" : "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html"
}
]
},
"source" : {
"advisory" : "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html",
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1036756"
],
"discovery" : "INTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Ludwig Nussel of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Using the untrusted hierarchy under /srv/wwwroot/htdocs during update as root user could be used to overwrite root files."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2017:2641",
"refsource": "SUSE",
"url": "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html"
},
{
"name": "https://www.suse.com/de-de/security/cve/CVE-2017-9286/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9286/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1036756",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1036756"
}
]
},
"source": {
"advisory": "https://lists.opensuse.org/opensuse-updates/2017-10/msg00010.html",
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1036756"
],
"discovery": "INTERNAL"
}
}

130
2017/9xxx/CVE-2017-9304.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699",
"refsource" : "CONFIRM",
"url" : "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699"
},
{
"name" : "https://github.com/VirusTotal/yara/issues/674",
"refsource" : "CONFIRM",
"url" : "https://github.com/VirusTotal/yara/issues/674"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699",
"refsource": "CONFIRM",
"url": "https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699"
},
{
"name": "https://github.com/VirusTotal/yara/issues/674",
"refsource": "CONFIRM",
"url": "https://github.com/VirusTotal/yara/issues/674"
}
]
}
}

290
2018/0xxx/CVE-2018-0050.json
View File

@ -1,148 +1,148 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0050",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD) crash."
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0050",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD) crash."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "14.1",
"version_value": "14.1R8-S5, 14.1R9"
},
{
"affected": "<",
"platform": "QFX Switching",
"version_name": "14.1X53",
"version_value": "14.1X53-D48"
},
{
"affected": "<",
"platform": "QFabric System",
"version_name": "14.2",
"version_value": "14.1X53-D130"
},
{
"affected": "<",
"version_name": "14.2",
"version_value": "14.2R4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal protocols configurations are required:\n\n [protocols rsvp]\n [protocols mpls interface]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "14.1",
"version_value" : "14.1R8-S5, 14.1R9"
},
{
"affected" : "<",
"platform" : "QFX Switching",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D48"
},
{
"affected" : "<",
"platform" : "QFabric System",
"version_name" : "14.2",
"version_value" : "14.1X53-D130"
},
{
"affected" : "<",
"version_name" : "14.2",
"version_value" : "14.2R4"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"lang": "eng",
"value": "An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic."
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "The following minimal protocols configurations are required:\n\n [protocols rsvp]\n [protocols mpls interface]\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue require it to be received on an interface configured to receive this type of traffic."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Error Handling\n"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10884",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10884"
},
{
"name" : "106206",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106206"
},
{
"name" : "1041851",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041851"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 14.1R8-S5, 14.1R9, 14.1X53-D130, 14.1X53-D48, 14.2R4, 15.1R1, and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10884",
"defect" : [
"1087100"
],
"discovery" : "INTERNAL"
},
"work_around" : [
{
"lang" : "eng",
"value" : "Remove MPLS configuration stanzas from interface configurations that are at risk.\nNo other workarounds exist for this issue. "
}
]
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Error Handling\n"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041851",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041851"
},
{
"name": "https://kb.juniper.net/JSA10884",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10884"
},
{
"name": "106206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106206"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 14.1R8-S5, 14.1R9, 14.1X53-D130, 14.1X53-D48, 14.2R4, 15.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10884",
"defect": [
"1087100"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Remove MPLS configuration stanzas from interface configurations that are at risk.\nNo other workarounds exist for this issue. "
}
]
}

130
2018/0xxx/CVE-2018-0571.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "baserCMS",
"version" : {
"version_data" : [
{
"version_value" : "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name" : "baserCMS Users Community"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted Upload of File with Dangerous Type"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "baserCMS",
"version": {
"version_data": [
{
"version_value": "(baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions)"
}
]
}
}
]
},
"vendor_name": "baserCMS Users Community"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://basercms.net/security/JVN67881316",
"refsource" : "MISC",
"url" : "https://basercms.net/security/JVN67881316"
},
{
"name" : "JVN#67881316",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://basercms.net/security/JVN67881316",
"refsource": "MISC",
"url": "https://basercms.net/security/JVN67881316"
},
{
"name": "JVN#67881316",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67881316/index.html"
}
]
}
}

140
2018/0xxx/CVE-2018-0594.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Skype for Windows",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Skype for Windows",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
},
{
"name" : "104563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource": "MISC",
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name": "JVN#91151862",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
},
{
"name": "104563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104563"
}
]
}
}

130
2018/0xxx/CVE-2018-0702.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cybozu Mailwise",
"version" : {
"version_data" : [
{
"version_value" : "5.0.0 to 5.4.5"
}
]
}
}
]
},
"vendor_name" : "Cybozu, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Mailwise",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.4.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.cybozu.support/article/34135/",
"refsource" : "MISC",
"url" : "https://kb.cybozu.support/article/34135/"
},
{
"name" : "JVN#83739174",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN83739174/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/34135/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34135/"
},
{
"name": "JVN#83739174",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83739174/index.html"
}
]
}
}

164
2018/1000xxx/CVE-2018-1000005.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-17",
"ID" : "CVE-2018-1000005",
"REQUESTER" : "daniel@haxx.se",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "libcurl",
"version" : {
"version_data" : [
{
"version_value" : "libcurl 7.49.0 to and including 7.57.0"
}
]
}
}
]
},
"vendor_name" : "libcurl"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-01-17",
"ID": "CVE-2018-1000005",
"REQUESTER": "daniel@haxx.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/docs/adv_2018-824a.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_2018-824a.html"
},
{
"name" : "https://github.com/curl/curl/pull/2231",
"refsource" : "CONFIRM",
"url" : "https://github.com/curl/curl/pull/2231"
},
{
"name" : "DSA-4098",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4098"
},
{
"name" : "USN-3554-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3554-1/"
},
{
"name" : "1040273",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040273",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040273"
},
{
"name": "USN-3554-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3554-1/"
},
{
"name": "DSA-4098",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4098"
},
{
"name": "https://curl.haxx.se/docs/adv_2018-824a.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_2018-824a.html"
},
{
"name": "https://github.com/curl/curl/pull/2231",
"refsource": "CONFIRM",
"url": "https://github.com/curl/curl/pull/2231"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000601.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-25T11:12:00.700012",
"DATE_REQUESTED" : "2018-06-25T00:00:00",
"ID" : "CVE-2018-1000601",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins SSH Credentials Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.13 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-25T11:12:00.700012",
"DATE_REQUESTED": "2018-06-25T00:00:00",
"ID": "CVE-2018-1000601",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000646.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-19T17:09:33.122288",
"DATE_REQUESTED" : "2018-08-08T13:38:36",
"ID" : "CVE-2018-1000646",
"REQUESTER" : "sajeeb@0dd.zone",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LH-EHR",
"version" : {
"version_data" : [
{
"version_value" : "REL-2.0.0"
}
]
}
}
]
},
"vendor_name" : "LibreHealthIO"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authenticated Unrestricted File Write"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.122288",
"DATE_REQUESTED": "2018-08-08T13:38:36",
"ID": "CVE-2018-1000646",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/",
"refsource" : "MISC",
"url" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/"
},
{
"name" : "https://github.com/LibreHealthIO/lh-ehr/issues/1211",
"refsource" : "MISC",
"url" : "https://github.com/LibreHealthIO/lh-ehr/issues/1211"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/"
},
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1211",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1211"
}
]
}
}

146
2018/1000xxx/CVE-2018-1000849.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.487947",
"DATE_REQUESTED" : "2018-11-21T15:16:04",
"ID" : "CVE-2018-1000849",
"REQUESTER" : "d@duniel.no",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Alpine Linux",
"version" : {
"version_data" : [
{
"version_value" : "Versions prior to 2.6.10, 2.7.6, and 2.10.1"
}
]
}
}
]
},
"vendor_name" : "Alpine Linux"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other/Unknown"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.487947",
"DATE_REQUESTED": "2018-11-21T15:16:04",
"ID": "CVE-2018-1000849",
"REQUESTER": "d@duniel.no",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://alpinelinux.org/posts/Alpine-3.8.1-released.html",
"refsource" : "MISC",
"url" : "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"name" : "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1",
"refsource" : "MISC",
"url" : "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
},
{
"name" : "https://justi.cz/security/2018/09/13/alpine-apk-rce.html",
"refsource" : "MISC",
"url" : "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html",
"refsource": "MISC",
"url": "https://justi.cz/security/2018/09/13/alpine-apk-rce.html"
},
{
"name": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html",
"refsource": "MISC",
"url": "https://alpinelinux.org/posts/Alpine-3.8.1-released.html"
},
{
"name": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1",
"refsource": "MISC",
"url": "https://git.alpinelinux.org/cgit/apk-tools/commit/?id=6484ed9849f03971eb48ee1fdc21a2f128247eb1"
}
]
}
}

130
2018/19xxx/CVE-2018-19143.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
},
{
"name" : "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/",
"refsource" : "MISC",
"url" : "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/",
"refsource": "MISC",
"url": "https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/"
},
{
"name": "[debian-lts-announce] 20181123 [SECURITY] [DLA 1592-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00028.html"
}
]
}
}

120
2018/19xxx/CVE-2018-19376.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/GreenCMS/GreenCMS/issues/114",
"refsource" : "MISC",
"url" : "https://github.com/GreenCMS/GreenCMS/issues/114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GreenCMS/GreenCMS/issues/114",
"refsource": "MISC",
"url": "https://github.com/GreenCMS/GreenCMS/issues/114"
}
]
}
}

130
2018/19xxx/CVE-2018-19601.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf"
},
{
"name" : "https://github.com/rhymix/rhymix/issues/1089",
"refsource" : "CONFIRM",
"url" : "https://github.com/rhymix/rhymix/issues/1089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-19601/blob/master/SSRF.pdf"
},
{
"name": "https://github.com/rhymix/rhymix/issues/1089",
"refsource": "CONFIRM",
"url": "https://github.com/rhymix/rhymix/issues/1089"
}
]
}
}

34
2018/19xxx/CVE-2018-19610.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19610",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19610",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/19xxx/CVE-2018-19720.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-19720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106161"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

34
2018/1xxx/CVE-2018-1311.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1311",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/1xxx/CVE-2018-1581.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1581",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1581",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/4xxx/CVE-2018-4235.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Messages\" component. It allows local users to perform impersonation attacks via an unspecified injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208848",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208848"
},
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
},
{
"name" : "https://support.apple.com/HT208850",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208850"
},
{
"name" : "https://support.apple.com/HT208851",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208851"
},
{
"name" : "1041027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"Messages\" component. It allows local users to perform impersonation attacks via an unspecified injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208850",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208850"
},
{
"name": "https://support.apple.com/HT208851",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208851"
},
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

34
2018/4xxx/CVE-2018-4390.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4390",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4390",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/4xxx/CVE-2018-4978.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104172"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104172"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}

140
2018/4xxx/CVE-2018-4992.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Creative Cloud Desktop Application 4.4.1.298 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Creative Cloud Desktop Application 4.4.1.298 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper input validation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Creative Cloud Desktop Application 4.4.1.298 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Creative Cloud Desktop Application 4.4.1.298 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html"
},
{
"name" : "104103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104103"
},
{
"name" : "1040860",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104103"
},
{
"name": "1040860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040860"
},
{
"name": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-12.html"
}
]
}
}