admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:32:09 +00:00
parent 2de646a880
commit d38e4284eb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3522 additions and 3522 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2008/0xxx/CVE-2008-0206.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in captcha\\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080103 securityvulns.com russian vulnerabilities digest",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name" : "20080103 securityvulns.com russian vulnerabilities digest",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name" : "http://websecurity.com.ua/1588/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/1588/"
},
{
"name" : "3539",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3539"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in captcha\\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/1588/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/1588/"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
},
{
"name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
},
{
"name": "3539",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3539"
}
]
}
}

150
2008/0xxx/CVE-2008-0253.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080114 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486265/100/0/threaded"
},
{
"name" : "4904",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4904"
},
{
"name" : "27264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27264"
},
{
"name" : "binnsbuilder-fulltext-sql-injection(39634)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39634"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080114 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486265/100/0/threaded"
},
{
"name": "27264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27264"
},
{
"name": "binnsbuilder-fulltext-sql-injection(39634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39634"
},
{
"name": "4904",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4904"
}
]
}
}

220
2008/0xxx/CVE-2008-0659.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080131 MySpace Uploader ActiveX Control Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2008/Jan/0593.html"
},
{
"name" : "5025",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5025"
},
{
"name" : "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483",
"refsource" : "MISC",
"url" : "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483"
},
{
"name" : "http://blogs.aurigma.com/post/2008/01/Another-security-problem---oh%2c-not-again.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.aurigma.com/post/2008/01/Another-security-problem---oh%2c-not-again.aspx"
},
{
"name" : "VU#776931",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/776931"
},
{
"name" : "27533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27533"
},
{
"name" : "28715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28715"
},
{
"name" : "ADV-2008-0344",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0344/references"
},
{
"name" : "ADV-2008-0345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0345/references"
},
{
"name" : "28733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28733"
},
{
"name" : "myspace-myspaceuploader-bo(40118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28733"
},
{
"name": "http://blogs.aurigma.com/post/2008/01/Another-security-problem---oh%2c-not-again.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.aurigma.com/post/2008/01/Another-security-problem---oh%2c-not-again.aspx"
},
{
"name": "28715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28715"
},
{
"name": "27533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27533"
},
{
"name": "20080131 MySpace Uploader ActiveX Control Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2008/Jan/0593.html"
},
{
"name": "myspace-myspaceuploader-bo(40118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40118"
},
{
"name": "ADV-2008-0345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0345/references"
},
{
"name": "ADV-2008-0344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0344/references"
},
{
"name": "VU#776931",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/776931"
},
{
"name": "5025",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5025"
},
{
"name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483",
"refsource": "MISC",
"url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060483"
}
]
}
}

180
2008/0xxx/CVE-2008-0961.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080410 EMC DiskXtender Authentication Bypass Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683"
},
{
"name" : "28727",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28727"
},
{
"name" : "ADV-2008-1198",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1198/references"
},
{
"name" : "44419",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/44419"
},
{
"name" : "1019827",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019827"
},
{
"name" : "29778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29778"
},
{
"name" : "emc-diskxtender-unauthorized-access(41772)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019827",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019827"
},
{
"name": "20080410 EMC DiskXtender Authentication Bypass Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683"
},
{
"name": "ADV-2008-1198",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1198/references"
},
{
"name": "44419",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44419"
},
{
"name": "29778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29778"
},
{
"name": "emc-diskxtender-unauthorized-access(41772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41772"
},
{
"name": "28727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28727"
}
]
}
}

190
2008/1xxx/CVE-2008-1664.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX02355",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121805712507842&w=2"
},
{
"name" : "SSRT080023",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121805712507842&w=2"
},
{
"name" : "30581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30581"
},
{
"name" : "oval:org.mitre.oval:def:5855",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5855"
},
{
"name" : "ADV-2008-2314",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2314"
},
{
"name" : "1020637",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020637"
},
{
"name" : "31400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31400"
},
{
"name" : "hpux-libc-unspecified-dos(44247)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31400"
},
{
"name": "ADV-2008-2314",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2314"
},
{
"name": "oval:org.mitre.oval:def:5855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5855"
},
{
"name": "HPSBUX02355",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121805712507842&w=2"
},
{
"name": "30581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30581"
},
{
"name": "hpux-libc-unspecified-dos(44247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44247"
},
{
"name": "1020637",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020637"
},
{
"name": "SSRT080023",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121805712507842&w=2"
}
]
}
}

170
2008/1xxx/CVE-2008-1810.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080730 SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729"
},
{
"name" : "30474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30474"
},
{
"name" : "ADV-2008-2267",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2267/references"
},
{
"name" : "1020585",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020585"
},
{
"name" : "31318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31318"
},
{
"name" : "maxdb-dbmsrv-code-execution(44125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2267/references"
},
{
"name": "31318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31318"
},
{
"name": "30474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30474"
},
{
"name": "20080730 SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729"
},
{
"name": "1020585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020585"
},
{
"name": "maxdb-dbmsrv-code-execution(44125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125"
}
]
}
}

160
2008/4xxx/CVE-2008-4168.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080912 [scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496302/100/0/threaded"
},
{
"name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809",
"refsource" : "MISC",
"url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809"
},
{
"name" : "31148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31148"
},
{
"name" : "4285",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4285"
},
{
"name" : "stingray-verifylogin-xss(45107)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31148"
},
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809"
},
{
"name": "20080912 [scip_Advisory 3809] Pro2col StingRay FTS login username cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496302/100/0/threaded"
},
{
"name": "stingray-verifylogin-xss(45107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45107"
},
{
"name": "4285",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4285"
}
]
}
}

150
2008/5xxx/CVE-2008-5547.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
},
{
"name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name" : "4723",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4723"
},
{
"name" : "multiple-antivirus-mzheader-code-execution(47435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name": "4723",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4723"
},
{
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
]
}
}

170
2008/5xxx/CVE-2008-5570.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7400",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7400"
},
{
"name" : "32726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32726"
},
{
"name" : "50660",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50660"
},
{
"name" : "33065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33065"
},
{
"name" : "4751",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4751"
},
{
"name" : "phpmnl-index-file-include(47197)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47197"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32726"
},
{
"name": "33065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33065"
},
{
"name": "4751",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4751"
},
{
"name": "7400",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7400"
},
{
"name": "phpmnl-index-file-include(47197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47197"
},
{
"name": "50660",
"refsource": "OSVDB",
"url": "http://osvdb.org/50660"
}
]
}
}

160
2008/5xxx/CVE-2008-5686.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21330228",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21330228"
},
{
"name" : "32824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32824"
},
{
"name" : "ADV-2008-3432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3432"
},
{
"name" : "1021394",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021394"
},
{
"name" : "33143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32824"
},
{
"name": "ADV-2008-3432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3432"
},
{
"name": "1021394",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021394"
},
{
"name": "33143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33143"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21330228",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21330228"
}
]
}
}

160
2013/0xxx/CVE-2013-0989.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5770",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5770"
},
{
"name" : "http://support.apple.com/kb/HT5784",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5784"
},
{
"name" : "APPLE-SA-2013-05-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html"
},
{
"name" : "APPLE-SA-2013-06-04-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:16831",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16831",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831"
},
{
"name": "APPLE-SA-2013-05-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/May/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT5770",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5770"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
}
]
}
}

140
2013/3xxx/CVE-2013-3188.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3189."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-059",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name" : "TA13-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A"
},
{
"name" : "oval:org.mitre.oval:def:17942",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3189."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name": "TA13-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
},
{
"name": "oval:org.mitre.oval:def:17942",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17942"
}
]
}
}

140
2013/3xxx/CVE-2013-3206.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3207, and CVE-2013-3209."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-069",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069"
},
{
"name" : "TA13-253A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"name" : "oval:org.mitre.oval:def:18855",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18855"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3207, and CVE-2013-3209."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18855"
},
{
"name": "MS13-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}

120
2013/3xxx/CVE-2013-3584.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#595142",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/595142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#595142",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/595142"
}
]
}
}

130
2013/4xxx/CVE-2013-4050.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"name" : "domino-webadmin-cve20134050-csrf(86433)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webadmin-cve20134050-csrf(86433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
]
}
}

34
2013/4xxx/CVE-2013-4071.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4071",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4071",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/4xxx/CVE-2013-4193.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q3/261"
},
{
"name" : "http://plone.org/products/plone-hotfix/releases/20130618",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone-hotfix/releases/20130618"
},
{
"name" : "http://plone.org/products/plone/security/advisories/20130618-announcement",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone/security/advisories/20130618-announcement"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=978469",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=978469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plone.org/products/plone/security/advisories/20130618-announcement",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone/security/advisories/20130618-announcement"
},
{
"name": "http://plone.org/products/plone-hotfix/releases/20130618",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone-hotfix/releases/20130618"
},
{
"name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/261"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=978469",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=978469"
}
]
}
}

34
2013/4xxx/CVE-2013-4241.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4241",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4241",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2013/4xxx/CVE-2013-4802.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBGN02906",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03864640"
},
{
"name" : "SSRT101100",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03864640"
},
{
"name" : "61450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61450"
},
{
"name" : "95646",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95646"
},
{
"name" : "1028834",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028834"
},
{
"name" : "53950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53950"
},
{
"name" : "hp-application-cve20134802-xss(85948)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95646",
"refsource": "OSVDB",
"url": "http://osvdb.org/95646"
},
{
"name": "61450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61450"
},
{
"name": "1028834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028834"
},
{
"name": "HPSBGN02906",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03864640"
},
{
"name": "hp-application-cve20134802-xss(85948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85948"
},
{
"name": "SSRT101100",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03864640"
},
{
"name": "53950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53950"
}
]
}
}

120
2013/4xxx/CVE-2013-4999.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php"
}
]
}
}

200
2013/6xxx/CVE-2013-6336.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-61.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-61.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139"
},
{
"name" : "DSA-2792",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2792"
},
{
"name" : "RHSA-2014:0342",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0342.html"
},
{
"name" : "openSUSE-SU-2013:1671",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00026.html"
},
{
"name" : "openSUSE-SU-2013:1675",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00027.html"
},
{
"name" : "oval:org.mitre.oval:def:19193",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1675",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00027.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036"
},
{
"name": "DSA-2792",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2792"
},
{
"name": "openSUSE-SU-2013:1671",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00026.html"
},
{
"name": "oval:org.mitre.oval:def:19193",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19193"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2013-61.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-61.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139"
},
{
"name": "RHSA-2014:0342",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html"
}
]
}
}

34
2013/6xxx/CVE-2013-6680.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6680",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6680",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

120
2013/6xxx/CVE-2013-6829.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131119 pineapp mailsecure pwnage",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131119 pineapp mailsecure pwnage",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0133.html"
}
]
}
}

180
2013/7xxx/CVE-2013-7181.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-7181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140203 XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0015.html"
},
{
"name" : "http://www.fortiguard.com/advisory/FG-IR-14-002/",
"refsource" : "CONFIRM",
"url" : "http://www.fortiguard.com/advisory/FG-IR-14-002/"
},
{
"name" : "VU#593118",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/593118"
},
{
"name" : "65303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65303"
},
{
"name" : "102820",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102820"
},
{
"name" : "1029731",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029731"
},
{
"name" : "56732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102820",
"refsource": "OSVDB",
"url": "http://osvdb.org/102820"
},
{
"name": "VU#593118",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/593118"
},
{
"name": "56732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56732"
},
{
"name": "1029731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029731"
},
{
"name": "65303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65303"
},
{
"name": "20140203 XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0015.html"
},
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-002/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-002/"
}
]
}
}

142
2017/10xxx/CVE-2017-10030.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BI Publisher (formerly XML Publisher)",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.1.1.7.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BI Publisher (formerly XML Publisher)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.1.1.7.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99740"
},
{
"name" : "1038940",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038940"
},
{
"name": "99740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99740"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

158
2017/10xxx/CVE-2017-10202.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Database",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.2.0.4"
},
{
"version_affected" : "=",
"version_value" : "12.1.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.2.0.1"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99865",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99865"
},
{
"name" : "1038923",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. Note: This score is for Windows platforms. On non-Windows platforms Scope is Unchanged, giving a CVSS Base Score of 8.8. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. While the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99865"
},
{
"name": "1038923",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038923"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

142
2017/10xxx/CVE-2017-10236.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.1.24"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.1.24"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99645",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99645"
},
{
"name" : "1038929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038929"
},
{
"name": "99645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99645"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

34
2017/10xxx/CVE-2017-10435.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10435",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10435",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/12xxx/CVE-2017-12022.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12022",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12022",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/12xxx/CVE-2017-12227.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Emergency Responder",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Emergency Responder"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Emergency Responder",
"version": {
"version_data": [
{
"version_value": "Cisco Emergency Responder"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer"
},
{
"name" : "100653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100653"
},
{
"name" : "1039287",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039287",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039287"
},
{
"name": "100653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100653"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer"
}
]
}
}

142
2017/12xxx/CVE-2017-12489.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00",
"ID" : "CVE-2017-12489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
{
"version_value" : "PLAT 7.3 (E0504)"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-11T00:00:00",
"ID": "CVE-2017-12489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value": "PLAT 7.3 (E0504)"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
},
{
"name" : "100367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100367"
},
{
"name" : "1039152",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039152"
},
{
"name": "100367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100367"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
}
]
}
}

176
2017/13xxx/CVE-2017-13194.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-13194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html"
},
{
"name" : "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"name" : "DSA-4132",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"name": "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9"
},
{
"name": "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html"
},
{
"name": "DSA-4132",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4132"
}
]
}
}

128
2017/13xxx/CVE-2017-13288.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-13288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "8.0"
},
{
"version_value" : "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-13288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
}
]
}
}

210
2017/13xxx/CVE-2017-13762.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gerrit.onosproject.org/#/c/14031/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14031/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14049/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14049/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14050/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14050/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14066/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14066/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14067/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14067/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14069/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14069/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14148/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14148/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14170/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14170/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14179/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14179/"
},
{
"name" : "https://gerrit.onosproject.org/#/c/14182/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/14182/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/14067/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14067/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14069/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14069/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14182/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14182/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14050/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14050/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14049/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14049/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14031/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14031/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14148/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14148/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14179/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14179/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14170/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14170/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14066/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14066/"
}
]
}
}

34
2017/17xxx/CVE-2017-17013.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17013",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17013",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/17xxx/CVE-2017-17342.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17342",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17342",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/17xxx/CVE-2017-17393.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17393",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17393",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2017/17xxx/CVE-2017-17566.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html"
},
{
"name" : "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/12/12/4",
"refsource" : "CONFIRM",
"url" : "http://www.openwall.com/lists/oss-security/2017/12/12/4"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-248.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-248.html"
},
{
"name" : "https://support.citrix.com/article/CTX232096",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX232096"
},
{
"name" : "DSA-4112",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4112"
},
{
"name" : "GLSA-201801-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-14"
},
{
"name" : "102167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102167"
},
{
"name" : "1040768",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040768",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040768"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-248.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-248.html"
},
{
"name": "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html"
},
{
"name": "102167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102167"
},
{
"name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/12/12/4",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/12/12/4"
},
{
"name": "GLSA-201801-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-14"
},
{
"name": "DSA-4112",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4112"
},
{
"name": "https://support.citrix.com/article/CTX232096",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX232096"
}
]
}
}

130
2017/17xxx/CVE-2017-17607.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43272",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43272/"
},
{
"name" : "https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html"
},
{
"name": "43272",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43272/"
}
]
}
}

140
2018/0xxx/CVE-2018-0355.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Unified Communications Manager unknown",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Unified Communications Manager unknown"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager unknown",
"version": {
"version_data": [
{
"version_value": "Cisco Unified Communications Manager unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs"
},
{
"name" : "104425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104425"
},
{
"name" : "1041068",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104425"
},
{
"name": "1041068",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041068"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs"
}
]
}
}

388
2018/0xxx/CVE-2018-0954.json
View File

@ -1,196 +1,196 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-0954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer 9",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
},
{
"product_name" : "Internet Explorer 11",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows 8.1 for 32-bit systems"
},
{
"version_value" : "Windows 8.1 for x64-based systems"
},
{
"version_value" : "Windows RT 8.1"
},
{
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows Server 2012 R2"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "Internet Explorer 10",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2012"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer 9",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
},
{
"product_name": "Internet Explorer 11",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "Internet Explorer 10",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0954",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0954"
},
{
"name" : "103991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103991"
},
{
"name" : "1040844",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103991"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0954",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0954"
},
{
"name": "1040844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040844"
}
]
}
}

150
2018/18xxx/CVE-2018-18328.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-18328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Antivirus for Mac (Consumer)",
"version" : {
"version_data" : [
{
"version_value" : "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-18328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/"
},
{
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name" : "105757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105757"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/"
},
{
"name": "105757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105757"
},
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
]
}
}

130
2018/18xxx/CVE-2018-18552.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt",
"refsource" : "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt"
},
{
"name" : "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt"
}
]
}
}

140
2018/18xxx/CVE-2018-18567.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181023 [SYSS-2018-026] missing X.509 validation with AudioCodes IP Phones (Skype for Business, on-premise) - CVE-2018-18567",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/32"
},
{
"name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt",
"refsource" : "MISC",
"url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt"
},
{
"name" : "1041956",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041956"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041956",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041956"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-026.txt"
},
{
"name": "20181023 [SYSS-2018-026] missing X.509 validation with AudioCodes IP Phones (Skype for Business, on-premise) - CVE-2018-18567",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/32"
}
]
}
}

130
2018/18xxx/CVE-2018-18640.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/",
"refsource" : "CONFIRM",
"url" : "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/"
},
{
"name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51423",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51423",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51423"
},
{
"name": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/"
}
]
}
}

120
2018/19xxx/CVE-2018-19218.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1643758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643758"
}
]
}
}

184
2018/19xxx/CVE-2018-19640.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2019-02-21T00:00:00.000Z",
"ID" : "CVE-2018-19640",
"STATE" : "PUBLIC",
"TITLE" : "Code execution if run with command line switch -v"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "supportutils",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "3.1-5.7.1"
}
]
}
}
]
},
"vendor_name" : "SUSE"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Johannes Segitz of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 4.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-377"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2019-02-21T00:00:00.000Z",
"ID": "CVE-2018-19640",
"STATE": "PUBLIC",
"TITLE": "Code execution if run with command line switch -v"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "supportutils",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "3.1-5.7.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1118463",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1118463"
}
]
},
"source" : {
"advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1118463",
"defect" : [
"1118463"
],
"discovery" : "INTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1118463",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1118463"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1118463",
"defect": [
"1118463"
],
"discovery": "INTERNAL"
}
}

120
2018/19xxx/CVE-2018-19651.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@namhb/ssrf-to-lfi-in-interspire-email-marketer-698a748462a9",
"refsource" : "MISC",
"url" : "https://medium.com/@namhb/ssrf-to-lfi-in-interspire-email-marketer-698a748462a9"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@namhb/ssrf-to-lfi-in-interspire-email-marketer-698a748462a9",
"refsource": "MISC",
"url": "https://medium.com/@namhb/ssrf-to-lfi-in-interspire-email-marketer-698a748462a9"
}
]
}
}

130
2018/19xxx/CVE-2018-19704.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-19704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-19704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

130
2018/19xxx/CVE-2018-19766.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"GroupRessourceAdmin.jsp\" has reflected XSS via the ConnPoolName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/20"
},
{
"name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"GroupRessourceAdmin.jsp\" has reflected XSS via the ConnPoolName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
},
{
"name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/20"
}
]
}
}

34
2018/1xxx/CVE-2018-1397.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1397",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1397",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/1xxx/CVE-2018-1849.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1849",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1849",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/5xxx/CVE-2018-5606.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5606",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5606",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}