admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:38:45 +00:00
parent f97b5332c2
commit cdb738f09c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3796 additions and 3796 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2004/0xxx/CVE-2004-0473.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Opera before 7.50 does not properly filter \"-\" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the \"-f\" option on Windows XP or (2) the \"-n\" option on Linux."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040512 Opera Telnet URI Handler File Creation/Truncation Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities"
},
{
"name" : "http://www.opera.com/linux/changelogs/750/index.dml",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/linux/changelogs/750/index.dml"
},
{
"name" : "GLSA-200405-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200405-19.xml"
},
{
"name" : "10341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10341"
},
{
"name" : "1010142",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010142"
},
{
"name" : "opera-telnet-file-overwrite(16139)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Opera before 7.50 does not properly filter \"-\" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the \"-f\" option on Windows XP or (2) the \"-n\" option on Linux."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/linux/changelogs/750/index.dml",
"refsource": "CONFIRM",
"url": "http://www.opera.com/linux/changelogs/750/index.dml"
},
{
"name": "opera-telnet-file-overwrite(16139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16139"
},
{
"name": "20040512 Opera Telnet URI Handler File Creation/Truncation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities"
},
{
"name": "1010142",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010142"
},
{
"name": "GLSA-200405-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-19.xml"
},
{
"name": "10341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10341"
}
]
}
}

150
2004/0xxx/CVE-2004-0603.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200406-18",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200406-18.xml"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=54890",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=54890"
},
{
"name" : "10603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10603"
},
{
"name" : "gzip-gzexe-tmpfile(16506)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=54890",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=54890"
},
{
"name": "gzip-gzexe-tmpfile(16506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16506"
},
{
"name": "GLSA-200406-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-18.xml"
},
{
"name": "10603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10603"
}
]
}
}

140
2004/1xxx/CVE-2004-1233.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041213 Gadu-Gadu several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110295777306493&w=2"
},
{
"name" : "http://www.man.poznan.pl/~security/gg-adv.txt",
"refsource" : "MISC",
"url" : "http://www.man.poznan.pl/~security/gg-adv.txt"
},
{
"name" : "gadu-gadu-dcc-bo(18465)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041213 Gadu-Gadu several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110295777306493&w=2"
},
{
"name": "http://www.man.poznan.pl/~security/gg-adv.txt",
"refsource": "MISC",
"url": "http://www.man.poznan.pl/~security/gg-adv.txt"
},
{
"name": "gadu-gadu-dcc-bo(18465)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18465"
}
]
}
}

150
2004/1xxx/CVE-2004-1732.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040820 Multiple vulnerabilities in MyDMS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109314495007280&w=2"
},
{
"name" : "10996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10996"
},
{
"name" : "12340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12340"
},
{
"name" : "mydms-folderld-sql-injection(17054)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17054"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mydms-folderld-sql-injection(17054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17054"
},
{
"name": "10996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10996"
},
{
"name": "12340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12340"
},
{
"name": "20040820 Multiple vulnerabilities in MyDMS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109314495007280&w=2"
}
]
}
}

130
2008/2xxx/CVE-2008-2052.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://holisticinfosec.org/content/view/62/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/62/45/"
},
{
"name" : "bitrix-redirect-security-bypass(42157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitrix-redirect-security-bypass(42157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157"
},
{
"name": "http://holisticinfosec.org/content/view/62/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/62/45/"
}
]
}
}

34
2008/3xxx/CVE-2008-3011.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3011",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-3011",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}

160
2008/3xxx/CVE-2008-3028.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-3/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-3/"
},
{
"name" : "30028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30028"
},
{
"name" : "46624",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/46624"
},
{
"name" : "30906",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30906"
},
{
"name" : "sendacard-unspecified-xss(43510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43510"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sendacard-unspecified-xss(43510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43510"
},
{
"name": "46624",
"refsource": "OSVDB",
"url": "http://osvdb.org/46624"
},
{
"name": "30028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30028"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-3/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-3/"
},
{
"name": "30906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30906"
}
]
}
}

140
2008/3xxx/CVE-2008-3171.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html",
"refsource" : "MISC",
"url" : "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
},
{
"name" : "30193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30193"
},
{
"name" : "safari-referer-header-info-disclosure(43837)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30193"
},
{
"name": "safari-referer-header-info-disclosure(43837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43837"
},
{
"name": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html",
"refsource": "MISC",
"url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
}
]
}
}

130
2008/3xxx/CVE-2008-3579.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "31279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31279"
},
{
"name" : "atmail-buildpleskupgrade-info-disclosure(44145)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31279"
},
{
"name": "atmail-buildpleskupgrade-info-disclosure(44145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44145"
}
]
}
}

620
2008/4xxx/CVE-2008-4065.json
View File

@ -1,312 +1,312 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka \"Stripped BOM characters bug.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=430740",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=430740"
},
{
"name" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
},
{
"name" : "DSA-1669",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1669"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "DSA-1696",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1696"
},
{
"name" : "DSA-1649",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1649"
},
{
"name" : "FEDORA-2008-8401",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
},
{
"name" : "FEDORA-2008-8429",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
},
{
"name" : "FEDORA-2008-8425",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html"
},
{
"name" : "MDVSA-2008:205",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
},
{
"name" : "MDVSA-2008:206",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206"
},
{
"name" : "RHSA-2008:0908",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0908.html"
},
{
"name" : "RHSA-2008:0879",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0879.html"
},
{
"name" : "RHSA-2008:0882",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
},
{
"name" : "SSA:2008-269-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232"
},
{
"name" : "SSA:2008-269-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422"
},
{
"name" : "SSA:2008-270-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123"
},
{
"name" : "256408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name" : "SUSE-SA:2008:050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
},
{
"name" : "USN-647-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-647-1"
},
{
"name" : "USN-645-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-645-1"
},
{
"name" : "USN-645-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-645-2"
},
{
"name" : "31346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31346"
},
{
"name" : "oval:org.mitre.oval:def:11383",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383"
},
{
"name" : "34501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34501"
},
{
"name" : "32185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32185"
},
{
"name" : "32196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32196"
},
{
"name" : "ADV-2008-2661",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2661"
},
{
"name" : "1020920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020920"
},
{
"name" : "32042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32042"
},
{
"name" : "32025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32025"
},
{
"name" : "32092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32092"
},
{
"name" : "32144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32144"
},
{
"name" : "32044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32044"
},
{
"name" : "32082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32082"
},
{
"name" : "32089",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32089"
},
{
"name" : "32095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32095"
},
{
"name" : "32096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32096"
},
{
"name" : "32845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32845"
},
{
"name" : "31984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31984"
},
{
"name" : "31985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31985"
},
{
"name" : "31987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31987"
},
{
"name" : "32007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32007"
},
{
"name" : "32010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32010"
},
{
"name" : "32011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32011"
},
{
"name" : "32012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32012"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
},
{
"name" : "33434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33434"
},
{
"name" : "ADV-2009-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name" : "firefox-bom-security-bypass(45356)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45356"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka \"Stripped BOM characters bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-43.html"
},
{
"name": "32025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32025"
},
{
"name": "32011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32011"
},
{
"name": "SSA:2008-269-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "1020920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020920"
},
{
"name": "32096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32096"
},
{
"name": "FEDORA-2008-8401",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html"
},
{
"name": "USN-645-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-645-1"
},
{
"name": "oval:org.mitre.oval:def:11383",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383"
},
{
"name": "MDVSA-2008:206",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:206"
},
{
"name": "32144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32144"
},
{
"name": "32010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32010"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "USN-645-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-645-2"
},
{
"name": "31346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31346"
},
{
"name": "31985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31985"
},
{
"name": "SUSE-SA:2008:050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html"
},
{
"name": "31984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31984"
},
{
"name": "32185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32185"
},
{
"name": "32196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32196"
},
{
"name": "FEDORA-2008-8425",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html"
},
{
"name": "DSA-1669",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1669"
},
{
"name": "32042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32042"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "ADV-2008-2661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2661"
},
{
"name": "SSA:2008-269-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422"
},
{
"name": "32095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32095"
},
{
"name": "32089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32089"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "32092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32092"
},
{
"name": "RHSA-2008:0879",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0879.html"
},
{
"name": "MDVSA-2008:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:205"
},
{
"name": "DSA-1696",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1696"
},
{
"name": "http://download.novell.com/Download?buildid=WZXONb-tqBw~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=WZXONb-tqBw~"
},
{
"name": "FEDORA-2008-8429",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html"
},
{
"name": "31987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31987"
},
{
"name": "firefox-bom-security-bypass(45356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45356"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=430740",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=430740"
},
{
"name": "USN-647-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-647-1"
},
{
"name": "32007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32007"
},
{
"name": "RHSA-2008:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0882.html"
},
{
"name": "32845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32845"
},
{
"name": "DSA-1649",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1649"
},
{
"name": "32012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32012"
},
{
"name": "33434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33434"
},
{
"name": "SSA:2008-270-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123"
},
{
"name": "32044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32044"
},
{
"name": "RHSA-2008:0908",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0908.html"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "32082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32082"
}
]
}
}

180
2008/4xxx/CVE-2008-4207.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080916 [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496427/100/0/threaded"
},
{
"name" : "6468",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6468"
},
{
"name" : "http://e-rdc.org/v1/news.php?readmore=108",
"refsource" : "MISC",
"url" : "http://e-rdc.org/v1/news.php?readmore=108"
},
{
"name" : "31207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31207"
},
{
"name" : "48271",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48271"
},
{
"name" : "31794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31794"
},
{
"name" : "4307",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which allows remote attackers to obtain sensitive information via a direct request, which invokes the phpinfo function. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://e-rdc.org/v1/news.php?readmore=108",
"refsource": "MISC",
"url": "http://e-rdc.org/v1/news.php?readmore=108"
},
{
"name": "31794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31794"
},
{
"name": "6468",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6468"
},
{
"name": "48271",
"refsource": "OSVDB",
"url": "http://osvdb.org/48271"
},
{
"name": "20080916 [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496427/100/0/threaded"
},
{
"name": "31207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31207"
},
{
"name": "4307",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4307"
}
]
}
}

320
2008/4xxx/CVE-2008-4307.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "[oss-security] 20090113 CVE-2008-4307 kernel: local denial of service in locks_remove_flock",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/01/13/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=456282",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=456282"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "DSA-1787",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1787"
},
{
"name" : "DSA-1794",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1794"
},
{
"name" : "RHSA-2009:0451",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0451.html"
},
{
"name" : "RHSA-2009:0459",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0459.html"
},
{
"name" : "RHSA-2009:0473",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0473.html"
},
{
"name" : "USN-751-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-751-1"
},
{
"name" : "oval:org.mitre.oval:def:7728",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7728"
},
{
"name" : "oval:org.mitre.oval:def:9233",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9233"
},
{
"name" : "34917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34917"
},
{
"name" : "34962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34962"
},
{
"name" : "34981",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34981"
},
{
"name" : "35011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35011"
},
{
"name" : "35015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35015"
},
{
"name" : "37471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37471"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34962"
},
{
"name": "[oss-security] 20090113 CVE-2008-4307 kernel: local denial of service in locks_remove_flock",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/13/1"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:0459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0459.html"
},
{
"name": "oval:org.mitre.oval:def:7728",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7728"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "DSA-1794",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1794"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc"
},
{
"name": "USN-751-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-751-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26"
},
{
"name": "35015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35015"
},
{
"name": "35011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35011"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=456282",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456282"
},
{
"name": "oval:org.mitre.oval:def:9233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9233"
},
{
"name": "34981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34981"
},
{
"name": "34917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34917"
},
{
"name": "DSA-1787",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1787"
},
{
"name": "RHSA-2009:0473",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0473.html"
},
{
"name": "RHSA-2009:0451",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0451.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

170
2008/4xxx/CVE-2008-4676.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX116310",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX116310"
},
{
"name" : "31484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31484"
},
{
"name" : "1020954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020954"
},
{
"name" : "ADV-2008-2702",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2702"
},
{
"name" : "32017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32017"
},
{
"name" : "citrix-server-unspecified-priv-escalation(45507)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX116310",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX116310"
},
{
"name": "31484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31484"
},
{
"name": "1020954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020954"
},
{
"name": "citrix-server-unspecified-priv-escalation(45507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45507"
},
{
"name": "32017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32017"
},
{
"name": "ADV-2008-2702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2702"
}
]
}
}

150
2008/4xxx/CVE-2008-4721.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to \"logged.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6625",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6625"
},
{
"name" : "27991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27991"
},
{
"name" : "4502",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4502"
},
{
"name" : "postcomments-postcomments-security-bypass(45503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to \"logged.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27991"
},
{
"name": "6625",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6625"
},
{
"name": "postcomments-postcomments-security-bypass(45503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45503"
},
{
"name": "4502",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4502"
}
]
}
}

150
2008/4xxx/CVE-2008-4923.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6870",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6870"
},
{
"name" : "31974",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31974"
},
{
"name" : "32425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32425"
},
{
"name" : "4561",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6870",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6870"
},
{
"name": "32425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32425"
},
{
"name": "31974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31974"
},
{
"name": "4561",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4561"
}
]
}
}

150
2008/6xxx/CVE-2008-6295.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html",
"refsource" : "MISC",
"url" : "http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html"
},
{
"name" : "32019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32019"
},
{
"name" : "31234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31234"
},
{
"name" : "cameralife-multiple-scripts-xss(46285)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46285"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html",
"refsource": "MISC",
"url": "http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html"
},
{
"name": "cameralife-multiple-scripts-xss(46285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46285"
},
{
"name": "32019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32019"
},
{
"name": "31234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31234"
}
]
}
}

160
2008/6xxx/CVE-2008-6746.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20080613 Turba H3 (2.2.1) (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2008/000414.html"
},
{
"name" : "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h"
},
{
"name" : "29743",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29743"
},
{
"name" : "30704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30704"
},
{
"name" : "turba-contactview-xss(43098)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h"
},
{
"name": "30704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30704"
},
{
"name": "[announce] 20080613 Turba H3 (2.2.1) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2008/000414.html"
},
{
"name": "turba-contactview-xss(43098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43098"
},
{
"name": "29743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29743"
}
]
}
}

160
2008/6xxx/CVE-2008-6788.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6819",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6819"
},
{
"name" : "31893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31893"
},
{
"name" : "49266",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49266"
},
{
"name" : "32358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32358"
},
{
"name" : "photogallery-id-username-sql-injection(46075)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49266",
"refsource": "OSVDB",
"url": "http://osvdb.org/49266"
},
{
"name": "photogallery-id-username-sql-injection(46075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46075"
},
{
"name": "31893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31893"
},
{
"name": "6819",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6819"
},
{
"name": "32358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32358"
}
]
}
}

150
2008/6xxx/CVE-2008-6824.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081031 A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497997/100/0/threaded"
},
{
"name" : "6899",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6899"
},
{
"name" : "http://www.louhinetworks.fi/advisory/alink_081028.txt",
"refsource" : "MISC",
"url" : "http://www.louhinetworks.fi/advisory/alink_081028.txt"
},
{
"name" : "wl54ap3-wl54ap2-default-password(51199)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081031 A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497997/100/0/threaded"
},
{
"name": "6899",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6899"
},
{
"name": "wl54ap3-wl54ap2-default-password(51199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51199"
},
{
"name": "http://www.louhinetworks.fi/advisory/alink_081028.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/alink_081028.txt"
}
]
}
}

180
2008/7xxx/CVE-2008-7126.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080303 Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-03/0018.html"
},
{
"name" : "http://aluigi.altervista.org/adv/visibroken-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/visibroken-adv.txt"
},
{
"name" : "28084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28084"
},
{
"name" : "43057",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43057"
},
{
"name" : "29213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29213"
},
{
"name" : "ADV-2008-0748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0748/references"
},
{
"name" : "visibroker-osagent-bo(40978)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40978"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43057",
"refsource": "OSVDB",
"url": "http://osvdb.org/43057"
},
{
"name": "visibroker-osagent-bo(40978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40978"
},
{
"name": "http://aluigi.altervista.org/adv/visibroken-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/visibroken-adv.txt"
},
{
"name": "20080303 Heap overflow in Borland VisiBroker Smart Agent 08.00.00.C1.03",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-03/0018.html"
},
{
"name": "29213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29213"
},
{
"name": "ADV-2008-0748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0748/references"
},
{
"name": "28084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28084"
}
]
}
}

140
2008/7xxx/CVE-2008-7134.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://download.redgalaxy.net/?nav=home",
"refsource" : "CONFIRM",
"url" : "http://download.redgalaxy.net/?nav=home"
},
{
"name" : "28219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28219"
},
{
"name" : "downloadcenter-multiple-xss(41198)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41198"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now parameter, or (5) search parameter in a search_results action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28219"
},
{
"name": "downloadcenter-multiple-xss(41198)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41198"
},
{
"name": "http://download.redgalaxy.net/?nav=home",
"refsource": "CONFIRM",
"url": "http://download.redgalaxy.net/?nav=home"
}
]
}
}

160
2013/2xxx/CVE-2013-2000.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
},
{
"name" : "DSA-2690",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2690"
},
{
"name" : "FEDORA-2013-9085",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106870.html"
},
{
"name" : "USN-1869-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1869-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2690",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2690"
},
{
"name": "USN-1869-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1869-1"
},
{
"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name": "FEDORA-2013-9085",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106870.html"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
}
]
}
}

120
2013/2xxx/CVE-2013-2089.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-026/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-026/"
}
]
}
}

150
2013/2xxx/CVE-2013-2199.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codex.wordpress.org/Version_3.5.2",
"refsource" : "CONFIRM",
"url" : "http://codex.wordpress.org/Version_3.5.2"
},
{
"name" : "http://wordpress.org/news/2013/06/wordpress-3-5-2/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2013/06/wordpress-3-5-2/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=976784",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=976784"
},
{
"name" : "DSA-2718",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/news/2013/06/wordpress-3-5-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2013/06/wordpress-3-5-2/"
},
{
"name": "DSA-2718",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2718"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=976784",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=976784"
},
{
"name": "http://codex.wordpress.org/Version_3.5.2",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.5.2"
}
]
}
}

34
2013/2xxx/CVE-2013-2518.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2518",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-2518",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

160
2013/2xxx/CVE-2013-2737.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2013-2737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
},
{
"name" : "RHSA-2013:0826",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html"
},
{
"name" : "SUSE-SU-2013:0809",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html"
},
{
"name" : "oval:org.mitre.oval:def:16864",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16864"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html"
},
{
"name": "SUSE-SU-2013:0809",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html"
},
{
"name": "RHSA-2013:0826",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html"
},
{
"name": "oval:org.mitre.oval:def:16864",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16864"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

160
2013/2xxx/CVE-2013-2881.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=257748",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=257748"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=153929&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=153929&view=revision"
},
{
"name" : "DSA-2732",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2732"
},
{
"name" : "oval:org.mitre.oval:def:17348",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17348"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:17348",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17348"
},
{
"name": "DSA-2732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2732"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=153929&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=153929&view=revision"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=257748",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=257748"
}
]
}
}

120
2013/6xxx/CVE-2013-6345.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an \"Application Exception.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7012027",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7012027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an \"Application Exception.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012027",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012027"
}
]
}
}

120
2013/6xxx/CVE-2013-6831.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131119 pineapp mailsecure no authenticated privilege escalation & remote execution code",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0139.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131119 pineapp mailsecure no authenticated privilege escalation & remote execution code",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0139.html"
}
]
}
}

34
2017/11xxx/CVE-2017-11168.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11168",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11168",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/11xxx/CVE-2017-11545.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11545",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-11545",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2017/11xxx/CVE-2017-11970.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11970",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11970",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/14xxx/CVE-2017-14427.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14427",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html",
"refsource" : "MISC",
"url" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html",
"refsource": "MISC",
"url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
}
]
}
}

122
2017/14xxx/CVE-2017-14474.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-05-07T00:00:00",
"ID" : "CVE-2017-14474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySql MMM",
"version" : {
"version_data" : [
{
"version_value" : "MMM 2.2.1"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-07T00:00:00",
"ID": "CVE-2017-14474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySql MMM",
"version": {
"version_data": [
{
"version_value": "MMM 2.2.1"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501"
}
]
}
}

140
2017/14xxx/CVE-2017-14603.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2017-008.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-27274",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
},
{
"name" : "DSA-3990",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3990"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2017-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2017-008.html"
},
{
"name": "DSA-3990",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3990"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27274",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27274"
}
]
}
}

130
2017/14xxx/CVE-2017-14829.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-14829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "8.3.1.21155"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-14829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "8.3.1.21155"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-873",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-873"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-873",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-873"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

132
2017/14xxx/CVE-2017-14902.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-14902",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in GLink kernel driver"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-14902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "102073",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in GLink kernel driver"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102073"
}
]
}
}

34
2017/15xxx/CVE-2017-15148.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15148",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15148",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/9xxx/CVE-2017-9131.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka \"unauthenticated remote command execution.\" This command can be re-sent endlessly to act as a DoS attack on the client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.iancaling.com/post/160596244178",
"refsource" : "MISC",
"url" : "http://blog.iancaling.com/post/160596244178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka \"unauthenticated remote command execution.\" This command can be re-sent endlessly to act as a DoS attack on the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.iancaling.com/post/160596244178",
"refsource": "MISC",
"url": "http://blog.iancaling.com/post/160596244178"
}
]
}
}

150
2017/9xxx/CVE-2017-9790.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-09-26T00:00:00",
"ID" : "CVE-2017-9790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Mesos",
"version" : {
"version_data" : [
{
"version_value" : "versions prior to 1.1.3"
},
{
"version_value" : "1.2.x before 1.2.2"
},
{
"version_value" : "1.3.x before 1.3.1"
},
{
"version_value" : "1.4.0-dev"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-09-26T00:00:00",
"ID": "CVE-2017-9790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Mesos",
"version": {
"version_data": [
{
"version_value": "versions prior to 1.1.3"
},
{
"version_value": "1.2.x before 1.2.2"
},
{
"version_value": "1.3.x before 1.3.1"
},
{
"version_value": "1.4.0-dev"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20170926 CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/cc1e7a69ea78da0511f5b54b6be7aa6e3c78edad5aaff430e7de028b@%3Cdev.mesos.apache.org%3E"
},
{
"name" : "101023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20170926 CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/cc1e7a69ea78da0511f5b54b6be7aa6e3c78edad5aaff430e7de028b@%3Cdev.mesos.apache.org%3E"
},
{
"name": "101023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101023"
}
]
}
}

350
2018/0xxx/CVE-2018-0054.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0054",
"STATE" : "PUBLIC",
"TITLE" : "QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "15.1",
"version_value" : "15.1R7, 15.1R8"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "16.1",
"version_value" : "16.1R7"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "16.2",
"version_value" : "16.2R3"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "17.1",
"version_value" : "17.1R2-S9, 17.1R3"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "17.2",
"version_value" : "17.2R2-S6, 17.2R3"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D42"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "17.3",
"version_value" : "17.3R3"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "17.4",
"version_value" : "17.4R2"
},
{
"affected" : "<",
"platform" : "QFX5000 Series and EX4600",
"version_name" : "18.1",
"version_value" : "18.1R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0054",
"STATE": "PUBLIC",
"TITLE": "QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "15.1",
"version_value": "15.1R7, 15.1R8"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "16.1",
"version_value": "16.1R7"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "16.2",
"version_value": "16.2R3"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "17.1",
"version_value": "17.1R2-S9, 17.1R3"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "17.2",
"version_value": "17.2R2-S6, 17.2R3"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "17.2X75",
"version_value": "17.2X75-D42"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"affected": "<",
"platform": "QFX5000 Series and EX4600",
"version_name": "18.1",
"version_value": "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10888",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10888"
},
{
"name" : "1041855",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041855"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 14.1X53-D47, 15.1R7, 15.1R8, 15.1X53-D233, 16.1R7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R2-S6, 17.2R3, 17.2X75-D42, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10888",
"defect" : [
"1343597"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : "For BGP, configure 'ether-options no-flow-control' on the BGP interface.\n"
},
{
"lang" : "eng",
"value" : "Configure the lossless percentage of ingress shared buffer pool to be greater than the egress shared buffer pool. For example:\n\n [edit class-of-service shared-buffer]\n user@switch# set ingress buffer-partition lossless percent <percent>\n user@switch# set egress buffer-partition lossless percent <percent>\n"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routing protocol packet drops, such as BGP, leading to peering flaps. The following log message may also be displayed: fpc0 dcbcm_check_stuck_buffers: Buffers are stuck on queue 7 of port 45 This issue only affects the QFX5000 Series products (QFX5100, QFX5110, QFX5200, QFX5210) and the EX4600 switch. No other platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on QFX5000 Series and EX4600; 15.1 versions prior to 15.1R7, 15.1R8 on QFX5000 Series and EX4600; 15.1X53 versions prior to 15.1X53-D233 on QFX5000 Series and EX4600; 16.1 versions prior to 16.1R7 on QFX5000 Series and EX4600; 16.2 versions prior to 16.2R3 on QFX5000 Series and EX4600; 17.1 versions prior to 17.1R2-S9, 17.1R3 on QFX5000 Series and EX4600; 17.2 versions prior to 17.2R2-S6, 17.2R3 on QFX5000 Series and EX4600; 17.2X75 versions prior to 17.2X75-D42 on QFX5000 Series and EX4600; 17.3 versions prior to 17.3R3 on QFX5000 Series and EX4600; 17.4 versions prior to 17.4R2 on QFX5000 Series and EX4600; 18.1 versions prior to 18.1R2 on QFX5000 Series and EX4600."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10888",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10888"
},
{
"name": "1041855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041855"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 14.1X53-D47, 15.1R7, 15.1R8, 15.1X53-D233, 16.1R7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R2-S6, 17.2R3, 17.2X75-D42, 17.3R3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10888",
"defect": [
"1343597"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "For BGP, configure 'ether-options no-flow-control' on the BGP interface.\n"
},
{
"lang": "eng",
"value": "Configure the lossless percentage of ingress shared buffer pool to be greater than the egress shared buffer pool. For example:\n\n [edit class-of-service shared-buffer]\n user@switch# set ingress buffer-partition lossless percent <percent>\n user@switch# set egress buffer-partition lossless percent <percent>\n"
}
]
}

150
2018/0xxx/CVE-2018-0328.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Unified Communications Manager and Cisco Unified Presence",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Unified Communications Manager and Cisco Unified Presence"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager and Cisco Unified Presence",
"version": {
"version_data": [
{
"version_value": "Cisco Unified Communications Manager and Cisco Unified Presence"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss"
},
{
"name" : "104200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104200"
},
{
"name" : "1040928",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040928"
},
{
"name" : "1040929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040929"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss"
},
{
"name": "1040928",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040928"
},
{
"name": "104200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104200"
}
]
}
}

140
2018/0xxx/CVE-2018-0497.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2018-0497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14",
"version" : {
"version_data" : [
{
"version_value" : "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "plaintext recovery"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-0497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14",
"version": {
"version_data": [
{
"version_value": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"name" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02",
"refsource" : "CONFIRM",
"url" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02"
},
{
"name" : "DSA-4296",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "plaintext recovery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"name": "DSA-4296",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4296"
},
{
"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02",
"refsource": "CONFIRM",
"url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02"
}
]
}
}

130
2018/0xxx/CVE-2018-0632.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Aterm W300P",
"version" : {
"version_data" : [
{
"version_value" : "Ver1.0.13 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEC Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm W300P",
"version": {
"version_data": [
{
"version_value": "Ver1.0.13 and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource" : "MISC",
"url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name" : "JVN#26629618",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN26629618/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name": "JVN#26629618",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26629618/index.html"
}
]
}
}

154
2018/1000xxx/CVE-2018-1000069.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2/8/2018 5:47:33",
"ID" : "CVE-2018-1000069",
"REQUESTER" : "wojciech.regula@securing.pl",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreePlane",
"version" : {
"version_data" : [
{
"version_value" : "1.5.9 and earlier"
}
]
}
}
]
},
"vendor_name" : "FreePlane"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/8/2018 5:47:33",
"ID": "CVE-2018-1000069",
"REQUESTER": "wojciech.regula@securing.pl",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180324 [SECURITY] [DLA 1316-1] freeplane security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00019.html"
},
{
"name" : "https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser",
"refsource" : "MISC",
"url" : "https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser"
},
{
"name" : "https://www.youtube.com/watch?v=7IXtiTNilAI",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=7IXtiTNilAI"
},
{
"name" : "DSA-4175",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4175"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180324 [SECURITY] [DLA 1316-1] freeplane security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00019.html"
},
{
"name": "DSA-4175",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4175"
},
{
"name": "https://www.youtube.com/watch?v=7IXtiTNilAI",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=7IXtiTNilAI"
},
{
"name": "https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser",
"refsource": "MISC",
"url": "https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser"
}
]
}
}

124
2018/1000xxx/CVE-2018-1000110.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-02-26",
"ID" : "CVE-2018-1000110",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Git Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.7.0 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-912, CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-26",
"ID": "CVE-2018-1000110",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-723"
}
]
}
}

120
2018/12xxx/CVE-2018-12234.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.html",
"refsource" : "MISC",
"url" : "https://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.html",
"refsource": "MISC",
"url": "https://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.html"
}
]
}
}

34
2018/12xxx/CVE-2018-12509.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12509",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12509",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16101.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16101",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16101",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

140
2018/16xxx/CVE-2018-16525.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\\LLMNR packets in prvParseDNSReply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource" : "MISC",
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource" : "MISC",
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
},
{
"name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\\LLMNR packets in prvParseDNSReply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
}
]
}
}

34
2018/16xxx/CVE-2018-16813.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16813",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16813",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4397.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4397",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4397",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4536.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4536",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4536",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

166
2018/4xxx/CVE-2018-4834.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-01-24T00:00:00",
"ID" : "CVE-2018-4834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E",
"version" : {
"version_data" : [
{
"version_value" : "Desigo Automation Controllers Compact PXC12/22/36-E.D : All versions < V6.00.204"
},
{
"version_value" : "Desigo Automation Controllers Modular PXC00/50/100/200-E.D : All versions < V6.00.204"
},
{
"version_value" : "Desigo Automation Controllers PXC00/64/128-U with Web module : All versions < V6.00.204"
},
{
"version_value" : "Desigo Automation Controllers for Integration PXC001-E.D : All versions < V6.00.204"
},
{
"version_value" : "Desigo Operator Unit PXM20-E : All versions < V6.00.204"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-01-24T00:00:00",
"ID": "CVE-2018-4834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E",
"version": {
"version_data": [
{
"version_value": "Desigo Automation Controllers Compact PXC12/22/36-E.D : All versions < V6.00.204"
},
{
"version_value": "Desigo Automation Controllers Modular PXC00/50/100/200-E.D : All versions < V6.00.204"
},
{
"version_value": "Desigo Automation Controllers PXC00/64/128-U with Web module : All versions < V6.00.204"
},
{
"version_value": "Desigo Automation Controllers for Integration PXC001-E.D : All versions < V6.00.204"
},
{
"version_value": "Desigo Operator Unit PXM20-E : All versions < V6.00.204"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02"
},
{
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf"
},
{
"name" : "102850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02"
},
{
"name": "102850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102850"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf"
}
]
}
}

140
2018/4xxx/CVE-2018-4908.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4908",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name" : "102996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102996"
},
{
"name" : "1040364",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102996"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
}
]
}
}