admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:11:49 +00:00
parent d906fc0b31
commit d57a91331b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4435 additions and 4386 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2004/1xxx/CVE-2004-1416.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041222 Realone2.0 \"pnxr3260.dll\" Lets Remote Users IE Browser Crash",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110374765215675&w=2"
},
{
"name" : "12660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12660"
},
{
"name": "20041222 Realone2.0 \"pnxr3260.dll\" Lets Remote Users IE Browser Crash",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110374765215675&w=2"
}
]
}
}

170
2004/1xxx/CVE-2004-1500.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041105 In-game format string bug in the Lithtech engine",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109969394601331&w=2"
},
{
"name" : "http://aluigi.altervista.org/adv/lithfs-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/lithfs-adv.txt"
},
{
"name" : "11610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11610"
},
{
"name" : "13116",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13116/"
},
{
"name" : "17317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17317"
},
{
"name" : "lithtech-format-string(17972)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11610"
},
{
"name": "lithtech-format-string(17972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17972"
},
{
"name": "17317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17317"
},
{
"name": "http://aluigi.altervista.org/adv/lithfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/lithfs-adv.txt"
},
{
"name": "13116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13116/"
},
{
"name": "20041105 In-game format string bug in the Lithtech engine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109969394601331&w=2"
}
]
}
}

170
2004/1xxx/CVE-2004-1560.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040928 MSSQL 7.0 DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109650760210411&w=2"
},
{
"name" : "http://packetstormsecurity.nl/0410-exploits/mssql.7.0.dos.c",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.nl/0410-exploits/mssql.7.0.dos.c"
},
{
"name" : "11265",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11265"
},
{
"name" : "1011434",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011434"
},
{
"name" : "12680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12680"
},
{
"name" : "mssql-data-buffer-dos(17542)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17542"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040928 MSSQL 7.0 DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109650760210411&w=2"
},
{
"name": "mssql-data-buffer-dos(17542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17542"
},
{
"name": "11265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11265"
},
{
"name": "12680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12680"
},
{
"name": "http://packetstormsecurity.nl/0410-exploits/mssql.7.0.dos.c",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0410-exploits/mssql.7.0.dos.c"
},
{
"name": "1011434",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011434"
}
]
}
}

180
2008/0xxx/CVE-2008-0037.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the \"Allow connections from network client\" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=307430",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name" : "APPLE-SA-2008-02-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"name" : "TA08-043B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name" : "27736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27736"
},
{
"name" : "ADV-2008-0495",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name" : "1019365",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019365"
},
{
"name" : "28891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the \"Allow connections from network client\" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=307430",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "TA08-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "1019365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019365"
},
{
"name": "APPLE-SA-2008-02-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
]
}
}

310
2008/3xxx/CVE-2008-3271.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
},
{
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-4.html"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
},
{
"name" : "http://www.nec.co.jp/security-info/secinfo/nv09-006.html",
"refsource" : "CONFIRM",
"url" : "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
},
{
"name" : "SUSE-SR:2008:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
},
{
"name" : "JVN#30732239",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN30732239/index.html"
},
{
"name" : "JVNDB-2008-000069",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
},
{
"name" : "31698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31698"
},
{
"name" : "35684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35684"
},
{
"name" : "ADV-2008-2793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2793"
},
{
"name" : "ADV-2008-2800",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2800"
},
{
"name" : "1021039",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021039"
},
{
"name" : "32234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32234"
},
{
"name" : "32213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32213"
},
{
"name" : "32398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32398"
},
{
"name" : "4396",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4396"
},
{
"name" : "ADV-2009-1818",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1818"
},
{
"name" : "apache-tomcat-valve-security-bypass(45791)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
},
{
"name": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html",
"refsource": "CONFIRM",
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
},
{
"name": "ADV-2008-2800",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2800"
},
{
"name": "32234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32234"
},
{
"name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
},
{
"name": "32398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32398"
},
{
"name": "SUSE-SR:2008:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
},
{
"name": "ADV-2009-1818",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1818"
},
{
"name": "4396",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4396"
},
{
"name": "31698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31698"
},
{
"name": "35684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35684"
},
{
"name": "ADV-2008-2793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2793"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "1021039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021039"
},
{
"name": "apache-tomcat-valve-security-bypass(45791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
},
{
"name": "JVN#30732239",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN30732239/index.html"
},
{
"name": "JVNDB-2008-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
},
{
"name": "32213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32213"
}
]
}
}

150
2008/3xxx/CVE-2008-3510.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.craftysyntax.com/help/viewtopic.php?t=3945",
"refsource" : "CONFIRM",
"url" : "http://www.craftysyntax.com/help/viewtopic.php?t=3945"
},
{
"name" : "30543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30543"
},
{
"name" : "31340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31340"
},
{
"name" : "cslh-livehelpjs-xss(44228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.craftysyntax.com/help/viewtopic.php?t=3945",
"refsource": "CONFIRM",
"url": "http://www.craftysyntax.com/help/viewtopic.php?t=3945"
},
{
"name": "cslh-livehelpjs-xss(44228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44228"
},
{
"name": "30543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30543"
},
{
"name": "31340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31340"
}
]
}
}

200
2008/3xxx/CVE-2008-3741.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/295053",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/295053"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=459108",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=459108"
},
{
"name" : "FEDORA-2008-7467",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html"
},
{
"name" : "FEDORA-2008-7626",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html"
},
{
"name" : "30689",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30689"
},
{
"name" : "31462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31462"
},
{
"name" : "ADV-2008-2392",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2392"
},
{
"name" : "31825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31825"
},
{
"name" : "drupal-mimemedia-xss(44446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=459108",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459108"
},
{
"name": "30689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30689"
},
{
"name": "31825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31825"
},
{
"name": "ADV-2008-2392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2392"
},
{
"name": "FEDORA-2008-7626",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html"
},
{
"name": "drupal-mimemedia-xss(44446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44446"
},
{
"name": "http://drupal.org/node/295053",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/295053"
},
{
"name": "FEDORA-2008-7467",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html"
},
{
"name": "31462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31462"
}
]
}
}

240
2008/3xxx/CVE-2008-3870.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-3870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090523 Secunia Research: Sun Solaris \"sadmind\" Integer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503772/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2008-47/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2008-47/"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm"
},
{
"name" : "259468",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1"
},
{
"name" : "35083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35083"
},
{
"name" : "54668",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/54668"
},
{
"name" : "oval:org.mitre.oval:def:6092",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6092"
},
{
"name" : "1022275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022275"
},
{
"name" : "32473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32473"
},
{
"name" : "35191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35191"
},
{
"name" : "ADV-2009-1409",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1409"
},
{
"name" : "solaris-allocating-bo(50706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32473"
},
{
"name": "http://secunia.com/secunia_research/2008-47/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-47/"
},
{
"name": "20090523 Secunia Research: Sun Solaris \"sadmind\" Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503772/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6092",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6092"
},
{
"name": "ADV-2009-1409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1409"
},
{
"name": "1022275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022275"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1"
},
{
"name": "54668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54668"
},
{
"name": "solaris-allocating-bo(50706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50706"
},
{
"name": "35191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35191"
},
{
"name": "259468",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1"
},
{
"name": "35083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35083"
}
]
}
}

170
2008/3xxx/CVE-2008-3968.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080909 Re: cve request: punbb < 1.2.20 xss",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"name" : "[oss-security] 20080909 cve request: punbb < 1.2.20 xss",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/09/2"
},
{
"name" : "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
"refsource" : "CONFIRM",
"url" : "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name" : "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
"refsource" : "CONFIRM",
"url" : "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name" : "31082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31082"
},
{
"name" : "punbb-userlist-xss(45046)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "punbb-userlist-xss(45046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb < 1.2.20 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"name": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31082"
},
{
"name": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb < 1.2.20 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
]
}
}

200
2008/3xxx/CVE-2008-3970.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080906 CVE request: pam_mount < 0.47 missing security checks",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/06/3"
},
{
"name" : "[oss-security] 20080909 Re: CVE request: pam_mount < 0.47 missing security checks",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/09/12"
},
{
"name" : "[pam-mount-user] 20080905 pam_mount 0.47 released",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr&forum_name=pam-mount-user"
},
{
"name" : "http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db",
"refsource" : "CONFIRM",
"url" : "http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=624240",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=624240"
},
{
"name" : "MDVSA-2008:208",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:208"
},
{
"name" : "SUSE-SR:2008:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"name" : "31041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31041"
},
{
"name" : "pammount-luserconf-privilege-escalation(44960)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44960"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[pam-mount-user] 20080905 pam_mount 0.47 released",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr&forum_name=pam-mount-user"
},
{
"name": "[oss-security] 20080906 CVE request: pam_mount < 0.47 missing security checks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/06/3"
},
{
"name": "pammount-luserconf-privilege-escalation(44960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44960"
},
{
"name": "MDVSA-2008:208",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:208"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=624240",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=624240"
},
{
"name": "[oss-security] 20080909 Re: CVE request: pam_mount < 0.47 missing security checks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/12"
},
{
"name": "31041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31041"
},
{
"name": "http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db",
"refsource": "CONFIRM",
"url": "http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db"
},
{
"name": "SUSE-SR:2008:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
]
}
}

170
2008/4xxx/CVE-2008-4010.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to \"some NetUI tags.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-4010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
},
{
"name" : "https://support.bea.com/application_content/product_portlets/securityadvisories/2803.html",
"refsource" : "CONFIRM",
"url" : "https://support.bea.com/application_content/product_portlets/securityadvisories/2803.html"
},
{
"name" : "ADV-2008-2825",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2825"
},
{
"name" : "1021056",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021056"
},
{
"name" : "32302",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32302"
},
{
"name" : "oracle-workshop-tags-unauth-access(45909)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45909"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to \"some NetUI tags.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2803.html",
"refsource": "CONFIRM",
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2803.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
},
{
"name": "oracle-workshop-tags-unauth-access(45909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45909"
},
{
"name": "1021056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021056"
},
{
"name": "32302",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32302"
},
{
"name": "ADV-2008-2825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2825"
}
]
}
}

190
2008/4xxx/CVE-2008-4214.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an \"insecure file operation\" on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3216",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3216"
},
{
"name" : "APPLE-SA-2008-10-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name" : "31681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31681"
},
{
"name" : "31716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31716"
},
{
"name" : "ADV-2008-2780",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name" : "1021029",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021029"
},
{
"name" : "32222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32222"
},
{
"name" : "macosx-scripteditor-symlink(45786)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an \"insecure file operation\" on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "macosx-scripteditor-symlink(45786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45786"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "31716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31716"
},
{
"name": "1021029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021029"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
}
]
}
}

190
2008/4xxx/CVE-2008-4236.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3338",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3338"
},
{
"name" : "APPLE-SA-2008-12-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name" : "TA08-350A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name" : "32839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32839"
},
{
"name" : "32875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32875"
},
{
"name" : "ADV-2008-3444",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name" : "1021398",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021398"
},
{
"name" : "33179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33179"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "TA08-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name": "33179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33179"
},
{
"name": "32839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32839"
},
{
"name": "http://support.apple.com/kb/HT3338",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "APPLE-SA-2008-12-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "1021398",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021398"
},
{
"name": "32875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32875"
}
]
}
}

140
2008/4xxx/CVE-2008-4610.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/07/1"
},
{
"name" : "USN-734-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-734-1"
},
{
"name" : "34296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/07/1"
},
{
"name": "USN-734-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-734-1"
},
{
"name": "34296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34296"
}
]
}
}

170
2008/4xxx/CVE-2008-4614.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4848",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4848"
},
{
"name" : "http://www.aspapp.com/content.asp?CatId=197&ContentType=Downloads",
"refsource" : "CONFIRM",
"url" : "http://www.aspapp.com/content.asp?CatId=197&ContentType=Downloads"
},
{
"name" : "27170",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27170"
},
{
"name" : "28337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28337"
},
{
"name" : "4439",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4439"
},
{
"name" : "portalapp-multiple-authentication-bypass(39457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.aspapp.com/content.asp?CatId=197&ContentType=Downloads",
"refsource": "CONFIRM",
"url": "http://www.aspapp.com/content.asp?CatId=197&ContentType=Downloads"
},
{
"name": "4848",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4848"
},
{
"name": "27170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27170"
},
{
"name": "portalapp-multiple-authentication-bypass(39457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39457"
},
{
"name": "4439",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4439"
},
{
"name": "28337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28337"
}
]
}
}

180
2008/4xxx/CVE-2008-4984.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://uvw.ru/report.lenny.txt",
"refsource" : "MISC",
"url" : "http://uvw.ru/report.lenny.txt"
},
{
"name" : "http://bugs.debian.org/496409",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/496409"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/scratchbox2",
"refsource" : "CONFIRM",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/scratchbox2"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name" : "30969",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30969"
},
{
"name" : "scratchbox2-sb2checkpkgmappings-symlink(44907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "http://bugs.debian.org/496409",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496409"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "scratchbox2-sb2checkpkgmappings-symlink(44907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44907"
},
{
"name": "30969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30969"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/scratchbox2",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/scratchbox2"
}
]
}
}

150
2008/6xxx/CVE-2008-6809.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7253",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7253"
},
{
"name" : "32512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32512"
},
{
"name" : "32430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32430"
},
{
"name" : "bookingcentre-hotelid-sql-injection(46913)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46913"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bookingcentre-hotelid-sql-injection(46913)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46913"
},
{
"name": "7253",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7253"
},
{
"name": "32430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32430"
},
{
"name": "32512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32512"
}
]
}
}

180
2008/6xxx/CVE-2008-6820.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with \"OS privilege,\" which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21318189",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21318189"
},
{
"name" : "JR30026",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026"
},
{
"name" : "JR30227",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227"
},
{
"name" : "JR30228",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228"
},
{
"name" : "31058",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31058"
},
{
"name" : "48149",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with \"OS privilege,\" which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT"
},
{
"name": "31058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31058"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189"
},
{
"name": "JR30227",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30227"
},
{
"name": "JR30026",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30026"
},
{
"name": "48149",
"refsource": "OSVDB",
"url": "http://osvdb.org/48149"
},
{
"name": "JR30228",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30228"
}
]
}
}

200
2008/6xxx/CVE-2008-6935.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081117 Exodus v0.10 uri handler arbitrary parameter injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498389/100/0/threaded"
},
{
"name" : "7145",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7145"
},
{
"name" : "7167",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7167"
},
{
"name" : "http://retrogod.altervista.org/exodus_uri.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/exodus_uri.html"
},
{
"name" : "32330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32330"
},
{
"name" : "49888",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49888"
},
{
"name" : "32729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32729"
},
{
"name" : "ADV-2008-3191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3191"
},
{
"name" : "exodus-imuri-command-execution(46663)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46663"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081117 Exodus v0.10 uri handler arbitrary parameter injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498389/100/0/threaded"
},
{
"name": "32729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32729"
},
{
"name": "7167",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7167"
},
{
"name": "7145",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7145"
},
{
"name": "49888",
"refsource": "OSVDB",
"url": "http://osvdb.org/49888"
},
{
"name": "ADV-2008-3191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3191"
},
{
"name": "http://retrogod.altervista.org/exodus_uri.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/exodus_uri.html"
},
{
"name": "exodus-imuri-command-execution(46663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46663"
},
{
"name": "32330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32330"
}
]
}
}

260
2008/7xxx/CVE-2008-7091.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080730 Pligg <= 9.9.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494987/100/0/threaded"
},
{
"name" : "6173",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6173"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00120-07312008",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00120-07312008"
},
{
"name" : "30458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30458"
},
{
"name" : "50189",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50189"
},
{
"name" : "50190",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50190"
},
{
"name" : "50191",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50191"
},
{
"name" : "50192",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50192"
},
{
"name" : "50193",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50193"
},
{
"name" : "50194",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50194"
},
{
"name" : "50195",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50195"
},
{
"name" : "50196",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50196"
},
{
"name" : "50197",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50197"
},
{
"name" : "50198",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50198"
},
{
"name" : "pligg-multiple-sql-injection(44193)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50191",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50191"
},
{
"name": "pligg-multiple-sql-injection(44193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44193"
},
{
"name": "50198",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50198"
},
{
"name": "50195",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50195"
},
{
"name": "50193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50193"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00120-07312008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00120-07312008"
},
{
"name": "20080730 Pligg <= 9.9.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494987/100/0/threaded"
},
{
"name": "50194",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50194"
},
{
"name": "30458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30458"
},
{
"name": "50190",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50190"
},
{
"name": "50192",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50192"
},
{
"name": "50189",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50189"
},
{
"name": "50196",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50196"
},
{
"name": "50197",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50197"
},
{
"name": "6173",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6173"
}
]
}
}

150
2013/2xxx/CVE-2013-2107.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the \"List of alternative recipients\" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130518 Re: CVE request: WordPress plugin mail-on-update CSRF",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q2/356"
},
{
"name" : "http://wordpress.org/plugins/mail-on-update/changelog",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/mail-on-update/changelog"
},
{
"name" : "93452",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/93452"
},
{
"name" : "53449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the \"List of alternative recipients\" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93452",
"refsource": "OSVDB",
"url": "http://osvdb.org/93452"
},
{
"name": "[oss-security] 20130518 Re: CVE request: WordPress plugin mail-on-update CSRF",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/356"
},
{
"name": "http://wordpress.org/plugins/mail-on-update/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/mail-on-update/changelog"
},
{
"name": "53449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53449"
}
]
}
}

34
2013/2xxx/CVE-2013-2282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/2xxx/CVE-2013-2315.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.ec-cube.net/open_trac/changeset/22580",
"refsource" : "CONFIRM",
"url" : "http://svn.ec-cube.net/open_trac/changeset/22580"
},
{
"name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=43",
"refsource" : "CONFIRM",
"url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=43"
},
{
"name" : "JVN#39699406",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN39699406/index.html"
},
{
"name" : "JVNDB-2013-000044",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000044",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=43",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43"
},
{
"name": "JVN#39699406",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN39699406/index.html"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22580",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22580"
}
]
}
}

270
2013/2xxx/CVE-2013-2458.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via \"an error related to method handles.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/9efb5fb77027",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/9efb5fb77027"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975130",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975130"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name" : "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2013-0185.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02907",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
},
{
"name" : "MDVSA-2013:183",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name" : "RHSA-2013:0963",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
},
{
"name" : "RHSA-2013:1060",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name" : "SUSE-SU-2013:1256",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"name" : "SUSE-SU-2013:1257",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name" : "TA13-169A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name" : "oval:org.mitre.oval:def:17069",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17069"
},
{
"name" : "oval:org.mitre.oval:def:19709",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19709"
},
{
"name" : "54154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54154"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via \"an error related to method handles.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=975130",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=975130"
},
{
"name": "oval:org.mitre.oval:def:19709",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19709"
},
{
"name": "RHSA-2013:1060",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"name": "SUSE-SU-2013:1257",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name": "HPSBUX02907",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
},
{
"name": "SUSE-SU-2013:1256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
},
{
"name": "54154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54154"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/9efb5fb77027",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/9efb5fb77027"
},
{
"name": "TA13-169A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name": "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2013-0185.html"
},
{
"name": "RHSA-2013:0963",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
},
{
"name": "oval:org.mitre.oval:def:17069",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17069"
},
{
"name": "MDVSA-2013:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
}
]
}
}

140
2013/2xxx/CVE-2013-2705.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-2705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tipsandtricks-hq.com/ecommerce/wordpress-shopping-cart-change-log-319",
"refsource" : "CONFIRM",
"url" : "http://www.tipsandtricks-hq.com/ecommerce/wordpress-shopping-cart-change-log-319"
},
{
"name" : "93953",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/93953"
},
{
"name" : "52963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52963"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tipsandtricks-hq.com/ecommerce/wordpress-shopping-cart-change-log-319",
"refsource": "CONFIRM",
"url": "http://www.tipsandtricks-hq.com/ecommerce/wordpress-shopping-cart-change-log-319"
},
{
"name": "93953",
"refsource": "OSVDB",
"url": "http://osvdb.org/93953"
},
{
"name": "52963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52963"
}
]
}
}

140
2013/2xxx/CVE-2013-2984.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830"
},
{
"name" : "IC91046",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC91046"
},
{
"name" : "sterling-b2b-cve20132984-path(84006)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sterling-b2b-cve20132984-path(84006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84006"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830"
},
{
"name": "IC91046",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC91046"
}
]
}
}

34
2013/6xxx/CVE-2013-6153.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6153",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6153",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/6xxx/CVE-2013-6160.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6160",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6160",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

190
2013/6xxx/CVE-2013-6432.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131206 Re: CVE request: Kernel: ping: NULL pointer dereference on write to msg_name",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/12/06/6"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cf970c002d270c36202bd5b9c2804d3097a52da0",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cf970c002d270c36202bd5b9c2804d3097a52da0"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039046",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039046"
},
{
"name" : "https://github.com/torvalds/linux/commit/cf970c002d270c36202bd5b9c2804d3097a52da0",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/cf970c002d270c36202bd5b9c2804d3097a52da0"
},
{
"name" : "openSUSE-SU-2014:0205",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html"
},
{
"name" : "USN-2113-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2113-1"
},
{
"name" : "USN-2117-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2117-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2113-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2113-1"
},
{
"name": "[oss-security] 20131206 Re: CVE request: Kernel: ping: NULL pointer dereference on write to msg_name",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/06/6"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4"
},
{
"name": "USN-2117-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2117-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039046",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039046"
},
{
"name": "https://github.com/torvalds/linux/commit/cf970c002d270c36202bd5b9c2804d3097a52da0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cf970c002d270c36202bd5b9c2804d3097a52da0"
},
{
"name": "openSUSE-SU-2014:0205",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cf970c002d270c36202bd5b9c2804d3097a52da0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cf970c002d270c36202bd5b9c2804d3097a52da0"
}
]
}
}

140
2013/6xxx/CVE-2013-6801.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a \"fork bomb\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131107 Word 2003 SP2 .doc fork bomb on WinXP SP3",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0035.html"
},
{
"name" : "20131108 Re: Word 2003 SP2 .doc fork bomb on WinXP SP3",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0038.html"
},
{
"name" : "20131108 Re: Word 2003 SP2 .doc fork bomb on WinXP SP3",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0045.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a \"fork bomb\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131108 Re: Word 2003 SP2 .doc fork bomb on WinXP SP3",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0038.html"
},
{
"name": "20131108 Re: Word 2003 SP2 .doc fork bomb on WinXP SP3",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0045.html"
},
{
"name": "20131107 Word 2003 SP2 .doc fork bomb on WinXP SP3",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0035.html"
}
]
}
}

160
2013/6xxx/CVE-2013-6904.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource" : "MISC",
"url" : "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name" : "https://support.cybozu.com/ja-jp/article/6395",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/6395"
},
{
"name" : "JVN#23981867",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"name" : "JVNDB-2013-000113",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name" : "100572",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/6395",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6395"
},
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100572",
"refsource": "OSVDB",
"url": "http://osvdb.org/100572"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}

326
2017/10xxx/CVE-2017-10285.json
View File

@ -1,165 +1,165 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u161"
},
{
"version_affected" : "=",
"version_value" : "7u151"
},
{
"version_affected" : "=",
"version_value" : "8u144"
},
{
"version_affected" : "=",
"version_value" : "9; Java SE Embedded: 8u144"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u161"
},
{
"version_affected": "=",
"version_value": "7u151"
},
{
"version_affected": "=",
"version_value": "8u144"
},
{
"version_affected": "=",
"version_value": "9; Java SE Embedded: 8u144"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171019-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
},
{
"name" : "DSA-4015",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4015"
},
{
"name" : "DSA-4048",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4048"
},
{
"name" : "GLSA-201710-31",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-31"
},
{
"name" : "GLSA-201711-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-14"
},
{
"name" : "RHSA-2017:3264",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3264"
},
{
"name" : "RHSA-2017:3267",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3267"
},
{
"name" : "RHSA-2017:3268",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3268"
},
{
"name" : "RHSA-2017:2998",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2998"
},
{
"name" : "RHSA-2017:3392",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3392"
},
{
"name" : "RHSA-2017:3046",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name" : "RHSA-2017:3047",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name" : "RHSA-2017:2999",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name" : "RHSA-2017:3453",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name" : "101319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101319"
},
{
"name" : "1039596",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3047",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "GLSA-201711-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-14"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK"
},
{
"name": "DSA-4015",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4015"
},
{
"name": "101319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101319"
},
{
"name": "RHSA-2017:3267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3267"
},
{
"name": "RHSA-2017:2998",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2998"
},
{
"name": "RHSA-2017:3268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3268"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "1039596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "GLSA-201710-31",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-31"
},
{
"name": "RHSA-2017:3264",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3264"
},
{
"name": "DSA-4048",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4048"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "RHSA-2017:3392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3392"
},
{
"name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
}
]
}
}

150
2017/10xxx/CVE-2017-10923.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://xenbits.xen.org/xsa/advisory-225.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-225.html"
},
{
"name" : "GLSA-201708-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-03"
},
{
"name" : "99160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99160"
},
{
"name" : "1038735",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038735"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038735",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038735"
},
{
"name": "99160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99160"
},
{
"name": "GLSA-201708-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-03"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-225.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-225.html"
}
]
}
}

34
2017/14xxx/CVE-2017-14109.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14109",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14109",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/14xxx/CVE-2017-14210.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14210",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14210",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/14xxx/CVE-2017-14620.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42923",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42923/"
},
{
"name" : "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html",
"refsource" : "MISC",
"url" : "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42923",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42923/"
},
{
"name": "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html",
"refsource": "MISC",
"url": "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html"
}
]
}
}

120
2017/14xxx/CVE-2017-14839.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42797",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42797/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42797/"
}
]
}
}

120
2017/15xxx/CVE-2017-15239.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15239",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15239",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15239"
}
]
}
}

34
2017/15xxx/CVE-2017-15704.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15704",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15704",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

120
2017/15xxx/CVE-2017-15950.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the \"Destination directory\" field, either within an XML document or through use of passive mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Oct/64",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Oct/64"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the \"Destination directory\" field, either within an XML document or through use of passive mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Oct/64",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Oct/64"
}
]
}
}

150
2017/9xxx/CVE-2017-9022.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html",
"refsource" : "CONFIRM",
"url" : "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"
},
{
"name" : "DSA-3866",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3866"
},
{
"name" : "USN-3301-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3301-1"
},
{
"name" : "98760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html",
"refsource": "CONFIRM",
"url": "https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"
},
{
"name": "DSA-3866",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3866"
},
{
"name": "98760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98760"
},
{
"name": "USN-3301-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3301-1"
}
]
}
}

130
2017/9xxx/CVE-2017-9202.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/"
},
{
"name" : "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe",
"refsource" : "MISC",
"url" : "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/"
},
{
"name": "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe",
"refsource": "MISC",
"url": "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe"
}
]
}
}

120
2017/9xxx/CVE-2017-9289.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\\ui\\editor.php (edit parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bramkorsten/Note/issues/11",
"refsource" : "CONFIRM",
"url" : "https://github.com/bramkorsten/Note/issues/11"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\\ui\\editor.php (edit parameter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bramkorsten/Note/issues/11",
"refsource": "CONFIRM",
"url": "https://github.com/bramkorsten/Note/issues/11"
}
]
}
}

130
2017/9xxx/CVE-2017-9551.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1697308",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/mahara/+bug/1697308"
},
{
"name" : "https://mahara.org/interaction/forum/topic.php?id=8040",
"refsource" : "CONFIRM",
"url" : "https://mahara.org/interaction/forum/topic.php?id=8040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mahara.org/interaction/forum/topic.php?id=8040",
"refsource": "CONFIRM",
"url": "https://mahara.org/interaction/forum/topic.php?id=8040"
},
{
"name": "https://bugs.launchpad.net/mahara/+bug/1697308",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/mahara/+bug/1697308"
}
]
}
}

140
2017/9xxx/CVE-2017-9617.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799"
},
{
"name" : "99087",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99087"
},
{
"name" : "1038706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799"
},
{
"name": "1038706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038706"
},
{
"name": "99087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99087"
}
]
}
}

242
2018/0xxx/CVE-2018-0044.json
View File

@ -1,123 +1,123 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0044",
"STATE" : "PUBLIC",
"TITLE" : "NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "NFX Series",
"version_name" : "18.1",
"version_value" : "18.1R4"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "This issue is only exploitable when there are user or system accounts with blank or empty passwords configured on JDM or host OS. "
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to \"yes\". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure default configuration"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0044",
"STATE": "PUBLIC",
"TITLE": "NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "NFX Series",
"version_name": "18.1",
"version_value": "18.1R4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10878",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10878"
},
{
"name" : "105565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105565"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "PermitEmptyPasswords option has been set to no by default in the fixed versions of Junos OS.\n\nThe following software releases have been updated to resolve this specific issue: 18.1R4, 18.2R1 and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10878",
"defect" : [
"1344176"
],
"discovery" : "INTERNAL"
},
"work_around" : [
{
"lang" : "eng",
"value" : "Ensure all the accounts on the JDM and host OS are configured with a password."
},
{
"lang" : "eng",
"value" : "Ensure that /etc/ssh/sshd_config file on JDM and host OS have the configuration\n PermitEmptyPasswords no"
}
]
}
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue is only exploitable when there are user or system accounts with blank or empty passwords configured on JDM or host OS. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to \"yes\". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure default configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10878",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10878"
},
{
"name": "105565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105565"
}
]
},
"solution": [
{
"lang": "eng",
"value": "PermitEmptyPasswords option has been set to no by default in the fixed versions of Junos OS.\n\nThe following software releases have been updated to resolve this specific issue: 18.1R4, 18.2R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10878",
"defect": [
"1344176"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Ensure all the accounts on the JDM and host OS are configured with a password."
},
{
"lang": "eng",
"value": "Ensure that /etc/ssh/sshd_config file on JDM and host OS have the configuration\n PermitEmptyPasswords no"
}
]
}

140
2018/0xxx/CVE-2018-0234.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Aironet 1810, 1830, and 1850 Series Access Points",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Aironet 1810, 1830, and 1850 Series Access Points"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition. This vulnerability affects Cisco Aironet 1810, 1830, and 1850 Series Access Points that are running Cisco Mobility Express Software Release 8.4.100.0, 8.5.103.0, or 8.5.105.0 and are configured as a master, subordinate, or standalone access point. Cisco Bug IDs: CSCvf73890."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Aironet 1810, 1830, and 1850 Series Access Points",
"version": {
"version_data": [
{
"version_value": "Cisco Aironet 1810, 1830, and 1850 Series Access Points"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp"
},
{
"name" : "104081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104081"
},
{
"name" : "1040820",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected access point. An attacker could exploit this vulnerability by initiating a PPTP connection to an affected access point from a device that is registered to the same wireless network as the access point and sending a malicious GRE frame through the data plane of the access point. A successful exploit could allow the attacker to cause the NSS core process on the affected access point to crash, which would cause the access point to reload and result in a DoS condition. This vulnerability affects Cisco Aironet 1810, 1830, and 1850 Series Access Points that are running Cisco Mobility Express Software Release 8.4.100.0, 8.5.103.0, or 8.5.105.0 and are configured as a master, subordinate, or standalone access point. Cisco Bug IDs: CSCvf73890."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp"
},
{
"name": "104081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104081"
},
{
"name": "1040820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040820"
}
]
}
}

130
2018/0xxx/CVE-2018-0324.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Enterprise NFV Infrastructure Software",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Enterprise NFV Infrastructure Software"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device. Cisco Bug IDs: CSCvi09723."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise NFV Infrastructure Software",
"version": {
"version_data": [
{
"version_value": "Cisco Enterprise NFV Infrastructure Software"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection"
},
{
"name" : "104208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device. Cisco Bug IDs: CSCvi09723."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-cli-command-injection"
},
{
"name": "104208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104208"
}
]
}
}

142
2018/0xxx/CVE-2018-0857.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-0857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge, ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Critical"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge, ChakraCore",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0857",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0857"
},
{
"name" : "102881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102881"
},
{
"name" : "1040372",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Critical"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102881"
},
{
"name": "1040372",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040372"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0857",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0857"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000648.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-19T17:09:33.124209",
"DATE_REQUESTED" : "2018-08-08T14:35:23",
"ID" : "CVE-2018-1000648",
"REQUESTER" : "sajeeb@0dd.zone",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "lh-ehr",
"version" : {
"version_data" : [
{
"version_value" : "REL-2.0.0"
}
]
}
}
]
},
"vendor_name" : "LibreHealthIO"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authenticated Unrestricted File Write"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.124209",
"DATE_REQUESTED": "2018-08-08T14:35:23",
"ID": "CVE-2018-1000648",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/",
"refsource" : "MISC",
"url" : "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/"
},
{
"name" : "https://github.com/LibreHealthIO/lh-ehr/issues/1213",
"refsource" : "MISC",
"url" : "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1213",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
},
{
"name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/"
}
]
}
}

34
2018/12xxx/CVE-2018-12252.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12252",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12252",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/12xxx/CVE-2018-12300.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12300",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12300",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/12xxx/CVE-2018-12994.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rocktronica/OneFileCMS/issues/7",
"refsource" : "MISC",
"url" : "https://github.com/rocktronica/OneFileCMS/issues/7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rocktronica/OneFileCMS/issues/7",
"refsource": "MISC",
"url": "https://github.com/rocktronica/OneFileCMS/issues/7"
}
]
}
}

130
2018/16xxx/CVE-2018-16223.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16223",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"name" : "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181102 [CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Nov/2"
},
{
"name": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150165/QBee-Camera-iSmartAlarm-Credential-Disclosure.html"
}
]
}
}

130
2018/16xxx/CVE-2018-16376.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/uclouvain/openjpeg/issues/1127",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/issues/1127"
},
{
"name" : "105262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105262"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105262"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/1127",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/1127"
}
]
}
}

34
2018/16xxx/CVE-2018-16401.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16401",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16401",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16485.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "m-server",
"version" : {
"version_data" : [
{
"version_value" : "<1.4.1"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "m-server",
"version": {
"version_data": [
{
"version_value": "<1.4.1"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/319795",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/319795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/319795",
"refsource": "MISC",
"url": "https://hackerone.com/reports/319795"
}
]
}
}

34
2018/16xxx/CVE-2018-16508.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16508",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16508",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2018/16xxx/CVE-2018-16886.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "etcd:",
"version" : {
"version_data" : [
{
"version_value" : "versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11"
}
]
}
}
]
},
"vendor_name" : "The etcd Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "etcd:",
"version": {
"version_data": [
{
"version_value": "versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11"
}
]
}
}
]
},
"vendor_name": "The etcd Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication",
"refsource" : "MISC",
"url" : "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication"
},
{
"name" : "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication",
"refsource" : "MISC",
"url" : "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886"
},
{
"name" : "RHSA-2019:0237",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0237"
},
{
"name" : "106540",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication",
"refsource": "MISC",
"url": "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication"
},
{
"name": "106540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106540"
},
{
"name": "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication",
"refsource": "MISC",
"url": "https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication"
},
{
"name": "RHSA-2019:0237",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0237"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886"
}
]
}
}

53
2018/18xxx/CVE-2018-18845.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18845",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151799/Advanced-Comment-System-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151799/Advanced-Comment-System-1.0-Cross-Site-Scripting.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/46",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/46"
}
]
}

34
2018/4xxx/CVE-2018-4126.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4126",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4126",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4197.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4197",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4197",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4802.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4802",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4802",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/4xxx/CVE-2018-4942.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unsafe XML External Entity Processing"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
},
{
"name" : "103718",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe XML External Entity Processing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html"
},
{
"name": "103718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103718"
}
]
}
}