admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:12:42 +00:00
parent a59d4fb775
commit d9b776bc23
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4082 additions and 4082 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2008/0xxx/CVE-2008-0032.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0032", "ID": "CVE-2008-0032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption." "value": "Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability", "name": "28502",
"refsource" : "IDEFENSE", "refsource": "SECUNIA",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642" "url": "http://secunia.com/advisories/28502"
}, },
{ {
"name" : "APPLE-SA-2008-01-15", "name": "http://docs.info.apple.com/article.html?artnum=307301",
"refsource" : "APPLE", "refsource": "CONFIRM",
"url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html" "url": "http://docs.info.apple.com/article.html?artnum=307301"
}, },
{ {
"name" : "http://docs.info.apple.com/article.html?artnum=307301", "name": "quicktime-macintosh-code-execution(39696)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://docs.info.apple.com/article.html?artnum=307301" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39696"
}, },
{ {
"name" : "TA08-016A", "name": "TA08-016A",
"refsource" : "CERT", "refsource": "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-016A.html" "url": "http://www.us-cert.gov/cas/techalerts/TA08-016A.html"
}, },
{ {
"name" : "27301", "name": "APPLE-SA-2008-01-15",
"refsource" : "BID", "refsource": "APPLE",
"url" : "http://www.securityfocus.com/bid/27301" "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html"
}, },
{ {
"name" : "ADV-2008-0148", "name": "27301",
"refsource" : "VUPEN", "refsource": "BID",
"url" : "http://www.vupen.com/english/advisories/2008/0148" "url": "http://www.securityfocus.com/bid/27301"
}, },
{ {
"name" : "1019221", "name": "ADV-2008-0148",
"refsource" : "SECTRACK", "refsource": "VUPEN",
"url" : "http://www.securitytracker.com/id?1019221" "url": "http://www.vupen.com/english/advisories/2008/0148"
}, },
{ {
"name" : "28502", "name": "20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability",
"refsource" : "SECUNIA", "refsource": "IDEFENSE",
"url" : "http://secunia.com/advisories/28502" "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642"
}, },
{ {
"name" : "quicktime-macintosh-code-execution(39696)", "name": "1019221",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39696" "url": "http://www.securitytracker.com/id?1019221"
} }
] ]
} }

92
2008/0xxx/CVE-2008-0164.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0164", "ID": "CVE-2008-0164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page." "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080313 PR08-02: Plone CMS Security Research - the Art of Plowning", "name": "3754",
"refsource" : "BUGTRAQ", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/archive/1/489544/100/0/threaded" "url": "http://securityreason.com/securityalert/3754"
}, },
{ {
"name" : "http://plone.org/about/security/advisories/cve-2008-0164", "name": "29361",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://plone.org/about/security/advisories/cve-2008-0164" "url": "http://secunia.com/advisories/29361"
}, },
{ {
"name" : "http://www.procheckup.com/Hacking_Plone_CMS.pdf", "name": "20080313 PR08-02: Plone CMS Security Research - the Art of Plowning",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "http://www.procheckup.com/Hacking_Plone_CMS.pdf" "url": "http://www.securityfocus.com/archive/1/489544/100/0/threaded"
}, },
{ {
"name" : "29361", "name": "http://www.procheckup.com/Hacking_Plone_CMS.pdf",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/29361" "url": "http://www.procheckup.com/Hacking_Plone_CMS.pdf"
}, },
{ {
"name" : "3754", "name": "http://plone.org/about/security/advisories/cve-2008-0164",
"refsource" : "SREASON", "refsource": "MISC",
"url" : "http://securityreason.com/securityalert/3754" "url": "http://plone.org/about/security/advisories/cve-2008-0164"
}, },
{ {
"name" : "plone-joinform-csrf(41263)", "name": "plone-joinform-csrf(41263)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41263" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41263"
} }
] ]
} }

80
2008/0xxx/CVE-2008-0204.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0204", "ID": "CVE-2008-0204",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php." "value": "Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080103 securityvulns.com russian vulnerabilities digest", "name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource" : "BUGTRAQ", "refsource": "FULLDISC",
"url" : "http://www.securityfocus.com/archive/1/485786/100/0/threaded" "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html"
}, },
{ {
"name" : "20080103 securityvulns.com russian vulnerabilities digest", "name": "20080103 securityvulns.com russian vulnerabilities digest",
"refsource" : "FULLDISC", "refsource": "BUGTRAQ",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html" "url": "http://www.securityfocus.com/archive/1/485786/100/0/threaded"
}, },
{ {
"name" : "http://websecurity.com.ua/1576/", "name": "http://websecurity.com.ua/1576/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://websecurity.com.ua/1576/" "url": "http://websecurity.com.ua/1576/"
}, },
{ {
"name" : "3539", "name": "3539",
"refsource" : "SREASON", "refsource": "SREASON",
"url" : "http://securityreason.com/securityalert/3539" "url": "http://securityreason.com/securityalert/3539"
} }
] ]
} }

22
2008/0xxx/CVE-2008-0323.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0323", "ID": "CVE-2008-0323",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2008/0xxx/CVE-2008-0601.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0601", "ID": "CVE-2008-0601",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter." "value": "SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "5064", "name": "5064",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5064" "url": "https://www.exploit-db.com/exploits/5064"
}, },
{ {
"name" : "27624", "name": "27624",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/27624" "url": "http://www.securityfocus.com/bid/27624"
} }
] ]
} }

134
2008/0xxx/CVE-2008-0782.json
View File

@ -1,121 +1,121 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0782", "ID": "CVE-2008-0782",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter." "value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "4957", "name": "33755",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "https://www.exploit-db.com/exploits/4957" "url": "http://secunia.com/advisories/33755"
}, },
{ {
"name" : "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630", "name": "GLSA-200803-27",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630" "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
}, },
{ {
"name" : "DSA-1514", "name": "29262",
"refsource" : "DEBIAN", "refsource": "SECUNIA",
"url" : "http://www.debian.org/security/2008/dsa-1514" "url": "http://secunia.com/advisories/29262"
}, },
{ {
"name" : "GLSA-200803-27", "name": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630",
"refsource" : "GENTOO", "refsource": "CONFIRM",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml" "url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
}, },
{ {
"name" : "USN-716-1", "name": "29010",
"refsource" : "UBUNTU", "refsource": "SECUNIA",
"url" : "https://usn.ubuntu.com/716-1/" "url": "http://secunia.com/advisories/29010"
}, },
{ {
"name" : "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit", "name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"refsource" : "VIM", "refsource": "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2008-January/001890.html" "url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
}, },
{ {
"name" : "27404", "name": "moinmoin-readme-file-overwrite(39837)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/27404" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
}, },
{ {
"name" : "ADV-2008-0569", "name": "4957",
"refsource" : "VUPEN", "refsource": "EXPLOIT-DB",
"url" : "http://www.vupen.com/english/advisories/2008/0569/references" "url": "https://www.exploit-db.com/exploits/4957"
}, },
{ {
"name" : "29010", "name": "ADV-2008-0569",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/29010" "url": "http://www.vupen.com/english/advisories/2008/0569/references"
}, },
{ {
"name" : "29262", "name": "29444",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/29262" "url": "http://secunia.com/advisories/29444"
}, },
{ {
"name" : "29444", "name": "27404",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/29444" "url": "http://www.securityfocus.com/bid/27404"
}, },
{ {
"name" : "33755", "name": "USN-716-1",
"refsource" : "SECUNIA", "refsource": "UBUNTU",
"url" : "http://secunia.com/advisories/33755" "url": "https://usn.ubuntu.com/716-1/"
}, },
{ {
"name" : "moinmoin-readme-file-overwrite(39837)", "name": "DSA-1514",
"refsource" : "XF", "refsource": "DEBIAN",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837" "url": "http://www.debian.org/security/2008/dsa-1514"
} }
] ]
} }

80
2008/0xxx/CVE-2008-0903.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0903", "ID": "CVE-2008-0903",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL." "value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "BEA08-199.00", "name": "BEA08-199.00",
"refsource" : "BEA", "refsource": "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/275" "url": "http://dev2dev.bea.com/pub/advisory/275"
}, },
{ {
"name" : "ADV-2008-0608", "name": "29041",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2008/0608/references" "url": "http://secunia.com/advisories/29041"
}, },
{ {
"name" : "1019450", "name": "1019450",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019450" "url": "http://www.securitytracker.com/id?1019450"
}, },
{ {
"name" : "29041", "name": "ADV-2008-0608",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/29041" "url": "http://www.vupen.com/english/advisories/2008/0608/references"
} }
] ]
} }

98
2008/1xxx/CVE-2008-1024.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1024", "ID": "CVE-2008-1024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption." "value": "Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://support.apple.com/kb/HT1467", "name": "http://support.apple.com/kb/HT1467",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://support.apple.com/kb/HT1467" "url": "http://support.apple.com/kb/HT1467"
}, },
{ {
"name" : "APPLE-SA-2008-04-16", "name": "ADV-2008-0979",
"refsource" : "APPLE", "refsource": "VUPEN",
"url" : "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html" "url": "http://www.vupen.com/english/advisories/2008/0979/references"
}, },
{ {
"name" : "VU#529441", "name": "APPLE-SA-2008-04-16",
"refsource" : "CERT-VN", "refsource": "APPLE",
"url" : "http://www.kb.cert.org/vuls/id/529441" "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
}, },
{ {
"name" : "28813", "name": "VU#529441",
"refsource" : "BID", "refsource": "CERT-VN",
"url" : "http://www.securityfocus.com/bid/28813" "url": "http://www.kb.cert.org/vuls/id/529441"
}, },
{ {
"name" : "1019868", "name": "apple-safari-filedownload-code-execution(41864)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id?1019868" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41864"
}, },
{ {
"name" : "ADV-2008-0979", "name": "28813",
"refsource" : "VUPEN", "refsource": "BID",
"url" : "http://www.vupen.com/english/advisories/2008/0979/references" "url": "http://www.securityfocus.com/bid/28813"
}, },
{ {
"name" : "apple-safari-filedownload-code-execution(41864)", "name": "1019868",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41864" "url": "http://www.securitytracker.com/id?1019868"
} }
] ]
} }

74
2008/1xxx/CVE-2008-1140.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1140", "ID": "CVE-2008-1140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\\\.\\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the \"ring0 SYSTEM\" vulnerability." "value": "DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\\\.\\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the \"ring0 SYSTEM\" vulnerability."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "5144", "name": "5144",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5144" "url": "https://www.exploit-db.com/exploits/5144"
}, },
{ {
"name" : "ADV-2008-0597", "name": "29005",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2008/0597" "url": "http://secunia.com/advisories/29005"
}, },
{ {
"name" : "29005", "name": "ADV-2008-0597",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/29005" "url": "http://www.vupen.com/english/advisories/2008/0597"
} }
] ]
} }

110
2008/1xxx/CVE-2008-1737.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1737", "ID": "CVE-2008-1737",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function." "value": "Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime Behavioural Analysis is enabled, allows local users to cause a denial of service (reboot with the product disabled) and possibly gain privileges via a zero value in a certain length field in the ObjectAttributes argument to the NtCreateKey hooked System Service Descriptor Table (SSDT) function."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls", "name": "29996",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/archive/1/491405/100/0/threaded" "url": "http://secunia.com/advisories/29996"
}, },
{ {
"name" : "http://www.coresecurity.com/?action=item&id=2249", "name": "28743",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://www.coresecurity.com/?action=item&id=2249" "url": "http://www.securityfocus.com/bid/28743"
}, },
{ {
"name" : "http://www.sophos.com/support/knowledgebase/article/37810.html", "name": "3838",
"refsource" : "CONFIRM", "refsource": "SREASON",
"url" : "http://www.sophos.com/support/knowledgebase/article/37810.html" "url": "http://securityreason.com/securityalert/3838"
}, },
{ {
"name" : "28743", "name": "ADV-2008-1381",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/28743" "url": "http://www.vupen.com/english/advisories/2008/1381"
}, },
{ {
"name" : "ADV-2008-1381", "name": "sophos-ssdt-dos(42083)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2008/1381" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42083"
}, },
{ {
"name" : "1019945", "name": "http://www.coresecurity.com/?action=item&id=2249",
"refsource" : "SECTRACK", "refsource": "MISC",
"url" : "http://securitytracker.com/id?1019945" "url": "http://www.coresecurity.com/?action=item&id=2249"
}, },
{ {
"name" : "29996", "name": "http://www.sophos.com/support/knowledgebase/article/37810.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/29996" "url": "http://www.sophos.com/support/knowledgebase/article/37810.html"
}, },
{ {
"name" : "3838", "name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/3838" "url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
}, },
{ {
"name" : "sophos-ssdt-dos(42083)", "name": "1019945",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42083" "url": "http://securitytracker.com/id?1019945"
} }
] ]
} }

92
2008/1xxx/CVE-2008-1741.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-1741", "ID": "CVE-2008-1741",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533." "value": "The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080514 Cisco Unified Presence Denial of Service Vulnerabilities", "name": "cisco-unifiedpresence-sipproxy-dos(42413)",
"refsource" : "CISCO", "refsource": "XF",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42413"
}, },
{ {
"name" : "29222", "name": "20080514 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource" : "BID", "refsource": "CISCO",
"url" : "http://www.securityfocus.com/bid/29222" "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995682.shtml"
}, },
{ {
"name" : "ADV-2008-1534", "name": "29222",
"refsource" : "VUPEN", "refsource": "BID",
"url" : "http://www.vupen.com/english/advisories/2008/1534" "url": "http://www.securityfocus.com/bid/29222"
}, },
{ {
"name" : "1020023", "name": "30269",
"refsource" : "SECTRACK", "refsource": "SECUNIA",
"url" : "http://securitytracker.com/id?1020023" "url": "http://secunia.com/advisories/30269"
}, },
{ {
"name" : "30269", "name": "ADV-2008-1534",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/30269" "url": "http://www.vupen.com/english/advisories/2008/1534"
}, },
{ {
"name" : "cisco-unifiedpresence-sipproxy-dos(42413)", "name": "1020023",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42413" "url": "http://securitytracker.com/id?1020023"
} }
] ]
} }

80
2008/1xxx/CVE-2008-1909.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1909", "ID": "CVE-2008-1909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." "value": "SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "5428", "name": "5428",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5428" "url": "https://www.exploit-db.com/exploits/5428"
}, },
{ {
"name" : "28739", "name": "phpkb-comment-sql-injection(41769)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/28739" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41769"
}, },
{ {
"name" : "29791", "name": "29791",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/29791" "url": "http://secunia.com/advisories/29791"
}, },
{ {
"name" : "phpkb-comment-sql-injection(41769)", "name": "28739",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41769" "url": "http://www.securityfocus.com/bid/28739"
} }
] ]
} }

140
2008/1xxx/CVE-2008-1974.json
View File

@ -1,126 +1,126 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1974", "ID": "CVE-2008-1974",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter." "value": "Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080422 Horde Webmail XSS [Aria-Security]", "name": "51238",
"refsource" : "BUGTRAQ", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/archive/1/491230/100/0/threaded" "url": "http://osvdb.org/51238"
}, },
{ {
"name" : "[kronolith] 20080427 Kronolith H3 (2.1.8) (final)", "name": "FEDORA-2008-3460",
"refsource" : "MLIST", "refsource": "FEDORA",
"url" : "http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html"
}, },
{ {
"name" : "http://forum.aria-security.com/showthread.php?t=49", "name": "29920",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://forum.aria-security.com/showthread.php?t=49" "url": "http://secunia.com/advisories/29920"
}, },
{ {
"name" : "DSA-1560", "name": "28898",
"refsource" : "DEBIAN", "refsource": "BID",
"url" : "https://www.debian.org/security/2008/dsa-1560" "url": "http://www.securityfocus.com/bid/28898"
}, },
{ {
"name" : "FEDORA-2008-3460", "name": "30649",
"refsource" : "FEDORA", "refsource": "SECUNIA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00444.html" "url": "http://secunia.com/advisories/30649"
}, },
{ {
"name" : "FEDORA-2008-3543", "name": "1019934",
"refsource" : "FEDORA", "refsource": "SECTRACK",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html" "url": "http://www.securitytracker.com/id?1019934"
}, },
{ {
"name" : "28898", "name": "FEDORA-2008-3543",
"refsource" : "BID", "refsource": "FEDORA",
"url" : "http://www.securityfocus.com/bid/28898" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00427.html"
}, },
{ {
"name" : "51238", "name": "20080422 Horde Webmail XSS [Aria-Security]",
"refsource" : "OSVDB", "refsource": "BUGTRAQ",
"url" : "http://osvdb.org/51238" "url": "http://www.securityfocus.com/archive/1/491230/100/0/threaded"
}, },
{ {
"name" : "ADV-2008-1373", "name": "horde-webmail-addevent-xss(41974)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2008/1373/references" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41974"
}, },
{ {
"name" : "1019934", "name": "ADV-2008-1373",
"refsource" : "SECTRACK", "refsource": "VUPEN",
"url" : "http://www.securitytracker.com/id?1019934" "url": "http://www.vupen.com/english/advisories/2008/1373/references"
}, },
{ {
"name" : "29920", "name": "DSA-1560",
"refsource" : "SECUNIA", "refsource": "DEBIAN",
"url" : "http://secunia.com/advisories/29920" "url": "https://www.debian.org/security/2008/dsa-1560"
}, },
{ {
"name" : "30649", "name": "3831",
"refsource" : "SECUNIA", "refsource": "SREASON",
"url" : "http://secunia.com/advisories/30649" "url": "http://securityreason.com/securityalert/3831"
}, },
{ {
"name" : "3831", "name": "http://forum.aria-security.com/showthread.php?t=49",
"refsource" : "SREASON", "refsource": "MISC",
"url" : "http://securityreason.com/securityalert/3831" "url": "http://forum.aria-security.com/showthread.php?t=49"
}, },
{ {
"name" : "horde-webmail-addevent-xss(41974)", "name": "[kronolith] 20080427 Kronolith H3 (2.1.8) (final)",
"refsource" : "XF", "refsource": "MLIST",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41974" "url": "http://lists.horde.org/archives/kronolith/Week-of-Mon-20080421/006807.html"
} }
] ]
} }

80
2008/4xxx/CVE-2008-4650.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4650", "ID": "CVE-2008-4650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter." "value": "SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6760", "name": "31773",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/6760" "url": "http://www.securityfocus.com/bid/31773"
}, },
{ {
"name" : "31773", "name": "4457",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/31773" "url": "http://securityreason.com/securityalert/4457"
}, },
{ {
"name" : "4457", "name": "myevent-viewevent-sql-injection(45919)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/4457" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45919"
}, },
{ {
"name" : "myevent-viewevent-sql-injection(45919)", "name": "6760",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45919" "url": "https://www.exploit-db.com/exploits/6760"
} }
] ]
} }

92
2008/4xxx/CVE-2008-4748.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4748", "ID": "CVE-2008-4748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI." "value": "Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6832", "name": "6832",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6832" "url": "https://www.exploit-db.com/exploits/6832"
}, },
{ {
"name" : "31912", "name": "31912",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/31912" "url": "http://www.securityfocus.com/bid/31912"
}, },
{ {
"name" : "32410", "name": "kvirc-irc-format-string(46114)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/32410" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114"
}, },
{ {
"name" : "ADV-2008-2926", "name": "4508",
"refsource" : "VUPEN", "refsource": "SREASON",
"url" : "http://www.vupen.com/english/advisories/2008/2926" "url": "http://securityreason.com/securityalert/4508"
}, },
{ {
"name" : "4508", "name": "ADV-2008-2926",
"refsource" : "SREASON", "refsource": "VUPEN",
"url" : "http://securityreason.com/securityalert/4508" "url": "http://www.vupen.com/english/advisories/2008/2926"
}, },
{ {
"name" : "kvirc-irc-format-string(46114)", "name": "32410",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46114" "url": "http://secunia.com/advisories/32410"
} }
] ]
} }

86
2008/5xxx/CVE-2008-5447.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2008-5447", "ID": "CVE-2008-5447",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." "value": "Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", "name": "33525",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" "url": "http://secunia.com/advisories/33525"
}, },
{ {
"name" : "33177", "name": "ADV-2009-0115",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/33177" "url": "http://www.vupen.com/english/advisories/2009/0115"
}, },
{ {
"name" : "ADV-2009-0115", "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource" : "VUPEN", "refsource": "CONFIRM",
"url" : "http://www.vupen.com/english/advisories/2009/0115" "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
}, },
{ {
"name" : "1021569", "name": "33177",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id?1021569" "url": "http://www.securityfocus.com/bid/33177"
}, },
{ {
"name" : "33525", "name": "1021569",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/33525" "url": "http://www.securitytracker.com/id?1021569"
} }
] ]
} }

74
2008/5xxx/CVE-2008-5656.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5656", "ID": "CVE-2008-5656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." "value": "Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/", "name": "typo3-felogin-xss(46591)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591"
}, },
{ {
"name" : "32284", "name": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/32284" "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/"
}, },
{ {
"name" : "typo3-felogin-xss(46591)", "name": "32284",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46591" "url": "http://www.securityfocus.com/bid/32284"
} }
] ]
} }

86
2008/5xxx/CVE-2008-5865.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5865", "ID": "CVE-2008-5865",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php." "value": "SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7538", "name": "33215",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "https://www.exploit-db.com/exploits/7538" "url": "http://secunia.com/advisories/33215"
}, },
{ {
"name" : "32951", "name": "4870",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/32951" "url": "http://securityreason.com/securityalert/4870"
}, },
{ {
"name" : "33215", "name": "32951",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/33215" "url": "http://www.securityfocus.com/bid/32951"
}, },
{ {
"name" : "4870", "name": "joomlahbs-index-sql-injection(47539)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/4870" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47539"
}, },
{ {
"name" : "joomlahbs-index-sql-injection(47539)", "name": "7538",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47539" "url": "https://www.exploit-db.com/exploits/7538"
} }
] ]
} }

104
2013/0xxx/CVE-2013-0777.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-0777", "ID": "CVE-2013-0777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." "value": "Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=798691",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html" "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798691"
}, },
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798691", "name": "USN-1729-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798691" "url": "http://www.ubuntu.com/usn/USN-1729-1"
}, },
{ {
"name" : "openSUSE-SU-2013:0323", "name": "USN-1729-2",
"refsource" : "SUSE", "refsource": "UBUNTU",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html" "url": "http://www.ubuntu.com/usn/USN-1729-2"
}, },
{ {
"name" : "openSUSE-SU-2013:0324", "name": "USN-1748-1",
"refsource" : "SUSE", "refsource": "UBUNTU",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html" "url": "http://www.ubuntu.com/usn/USN-1748-1"
}, },
{ {
"name" : "USN-1729-1", "name": "openSUSE-SU-2013:0324",
"refsource" : "UBUNTU", "refsource": "SUSE",
"url" : "http://www.ubuntu.com/usn/USN-1729-1" "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html"
}, },
{ {
"name" : "USN-1729-2", "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "http://www.ubuntu.com/usn/USN-1729-2" "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html"
}, },
{ {
"name" : "USN-1748-1", "name": "openSUSE-SU-2013:0323",
"refsource" : "UBUNTU", "refsource": "SUSE",
"url" : "http://www.ubuntu.com/usn/USN-1748-1" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16977", "name": "oval:org.mitre.oval:def:16977",
"refsource" : "OVAL", "refsource": "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16977" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16977"
} }
] ]
} }

74
2013/3xxx/CVE-2013-3029.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-3029", "ID": "CVE-2013-3029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences." "value": "Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
}, },
{ {
"name" : "PM88746", "name": "PM88746",
"refsource" : "AIXAPAR", "refsource": "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746"
}, },
{ {
"name" : "was-cve20133029-csrf(84591)", "name": "was-cve20133029-csrf(84591)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84591" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84591"
} }
] ]
} }

62
2013/3xxx/CVE-2013-3360.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-3360", "ID": "CVE-2013-3360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359." "value": "Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3359."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-23.html", "name": "http://www.adobe.com/support/security/bulletins/apsb13-23.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-23.html" "url": "http://www.adobe.com/support/security/bulletins/apsb13-23.html"
} }
] ]
} }

74
2013/3xxx/CVE-2013-3425.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3425", "ID": "CVE-2013-3425",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965." "value": "The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability", "name": "20130730 Cisco WebEx Information Disclosure through Inconsistent Error Messages Vulnerability",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425" "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3425"
}, },
{ {
"name" : "95876", "name": "cisco-webex-cve20133425-info-disc(86150)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/95876" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150"
}, },
{ {
"name" : "cisco-webex-cve20133425-info-disc(86150)", "name": "95876",
"refsource" : "XF", "refsource": "OSVDB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86150" "url": "http://osvdb.org/95876"
} }
] ]
} }

62
2013/3xxx/CVE-2013-3601.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-3601", "ID": "CVE-2013-3601",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter." "value": "Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "VU#960908", "name": "VU#960908",
"refsource" : "CERT-VN", "refsource": "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/960908" "url": "http://www.kb.cert.org/vuls/id/960908"
} }
] ]
} }

110
2013/4xxx/CVE-2013-4547.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4547", "ID": "CVE-2013-4547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI." "value": "nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)", "name": "55757",
"refsource" : "MLIST", "refsource": "SECUNIA",
"url" : "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" "url": "http://secunia.com/advisories/55757"
}, },
{ {
"name" : "DSA-2802", "name": "SUSE-SU-2013:1895",
"refsource" : "DEBIAN", "refsource": "SUSE",
"url" : "http://www.debian.org/security/2012/dsa-2802" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html"
}, },
{ {
"name" : "openSUSE-SU-2013:1745", "name": "openSUSE-SU-2013:1745",
"refsource" : "SUSE", "refsource": "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html" "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00084.html"
}, },
{ {
"name" : "openSUSE-SU-2013:1791", "name": "55825",
"refsource" : "SUSE", "refsource": "SECUNIA",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html" "url": "http://secunia.com/advisories/55825"
}, },
{ {
"name" : "openSUSE-SU-2013:1792", "name": "55822",
"refsource" : "SUSE", "refsource": "SECUNIA",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html" "url": "http://secunia.com/advisories/55822"
}, },
{ {
"name" : "SUSE-SU-2013:1895", "name": "openSUSE-SU-2013:1792",
"refsource" : "SUSE", "refsource": "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00007.html" "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00119.html"
}, },
{ {
"name" : "55757", "name": "openSUSE-SU-2013:1791",
"refsource" : "SECUNIA", "refsource": "SUSE",
"url" : "http://secunia.com/advisories/55757" "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00118.html"
}, },
{ {
"name" : "55822", "name": "DSA-2802",
"refsource" : "SECUNIA", "refsource": "DEBIAN",
"url" : "http://secunia.com/advisories/55822" "url": "http://www.debian.org/security/2012/dsa-2802"
}, },
{ {
"name" : "55825", "name": "[nginx-announce] 20131119 nginx security advisory (CVE-2013-4547)",
"refsource" : "SECUNIA", "refsource": "MLIST",
"url" : "http://secunia.com/advisories/55825" "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
} }
] ]
} }

22
2013/4xxx/CVE-2013-4763.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4763", "ID": "CVE-2013-4763",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2013/4xxx/CVE-2013-4777.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4777", "ID": "CVE-2013-4777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object." "value": "A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J", "name": "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J" "url": "https://plus.google.com/110348415484169880343/posts/5ofgPNrSu3J"
} }
] ]
} }

98
2013/4xxx/CVE-2013-4800.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2013-4800", "ID": "CVE-2013-4800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735." "value": "Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-169", "name": "http://packetstormsecurity.com/files/123533",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-169" "url": "http://packetstormsecurity.com/files/123533"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/123533", "name": "SSRT101117",
"refsource" : "MISC", "refsource": "HP",
"url" : "http://packetstormsecurity.com/files/123533" "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}, },
{ {
"name" : "HPSBGN02905", "name": "hp-loadrunner-cve20134800-code-exec(85960)",
"refsource" : "HP", "refsource": "XF",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960"
}, },
{ {
"name" : "SSRT101117", "name": "95644",
"refsource" : "HP", "refsource": "OSVDB",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772" "url": "http://osvdb.org/95644"
}, },
{ {
"name" : "61446", "name": "61446",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/61446" "url": "http://www.securityfocus.com/bid/61446"
}, },
{ {
"name" : "95644", "name": "HPSBGN02905",
"refsource" : "OSVDB", "refsource": "HP",
"url" : "http://osvdb.org/95644" "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03862772"
}, },
{ {
"name" : "hp-loadrunner-cve20134800-code-exec(85960)", "name": "http://www.zerodayinitiative.com/advisories/ZDI-13-169",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85960" "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-169"
} }
] ]
} }

68
2013/6xxx/CVE-2013-6114.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6114", "ID": "CVE-2013-6114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file." "value": "Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "28811", "name": "28811",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/28811/" "url": "http://www.exploit-db.com/exploits/28811/"
}, },
{ {
"name" : "http://support.apple.com/kb/HT6041", "name": "http://support.apple.com/kb/HT6041",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://support.apple.com/kb/HT6041" "url": "http://support.apple.com/kb/HT6041"
} }
] ]
} }

22
2013/6xxx/CVE-2013-6234.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6234", "ID": "CVE-2013-6234",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2013/7xxx/CVE-2013-7154.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7154", "ID": "CVE-2013-7154",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

86
2013/7xxx/CVE-2013-7304.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7304", "ID": "CVE-2013-7304",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client." "value": "Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784", "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784" "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784"
}, },
{ {
"name" : "65135", "name": "56744",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/65135" "url": "http://secunia.com/advisories/56744"
}, },
{ {
"name" : "1029704", "name": "checkpoint-cve20137304-spoofing(90674)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id/1029704" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90674"
}, },
{ {
"name" : "56744", "name": "65135",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/56744" "url": "http://www.securityfocus.com/bid/65135"
}, },
{ {
"name" : "checkpoint-cve20137304-spoofing(90674)", "name": "1029704",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90674" "url": "http://www.securitytracker.com/id/1029704"
} }
] ]
} }

98
2013/7xxx/CVE-2013-7448.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7448", "ID": "CVE-2013-7448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get." "value": "Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20160218 CVE request: didiwiki path traversal vulnerability", "name": "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/19/4" "url": "http://www.openwall.com/lists/oss-security/2016/02/19/5"
}, },
{ {
"name" : "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability", "name": "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea",
"refsource" : "MLIST", "refsource": "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/19/5" "url": "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea"
}, },
{ {
"name" : "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability", "name": "https://github.com/OpenedHand/didiwiki/pull/1/files",
"refsource" : "MLIST", "refsource": "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/19/6" "url": "https://github.com/OpenedHand/didiwiki/pull/1/files"
}, },
{ {
"name" : "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability", "name": "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/19/7" "url": "http://www.openwall.com/lists/oss-security/2016/02/19/7"
}, },
{ {
"name" : "https://github.com/OpenedHand/didiwiki/pull/1/files", "name": "[oss-security] 20160219 Re: CVE request: didiwiki path traversal vulnerability",
"refsource" : "MISC", "refsource": "MLIST",
"url" : "https://github.com/OpenedHand/didiwiki/pull/1/files" "url": "http://www.openwall.com/lists/oss-security/2016/02/19/6"
}, },
{ {
"name" : "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea", "name": "[oss-security] 20160218 CVE request: didiwiki path traversal vulnerability",
"refsource" : "MISC", "refsource": "MLIST",
"url" : "https://github.com/yarolig/didiwiki/commit/5e5c796617e1712905dc5462b94bd5e6c08d15ea" "url": "http://www.openwall.com/lists/oss-security/2016/02/19/4"
}, },
{ {
"name" : "DSA-3485", "name": "DSA-3485",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3485" "url": "http://www.debian.org/security/2016/dsa-3485"
} }
] ]
} }

76
2017/10xxx/CVE-2017-10210.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10210", "ID": "CVE-2017-10210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Oracle VM VirtualBox", "product_name": "Oracle VM VirtualBox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.1.24" "version_value": "5.1.24"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)." "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data." "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "99640",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "url": "http://www.securityfocus.com/bid/99640"
}, },
{ {
"name" : "99640", "name": "1038929",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/99640" "url": "http://www.securitytracker.com/id/1038929"
}, },
{ {
"name" : "1038929", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1038929" "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
} }
] ]
} }

98
2017/10xxx/CVE-2017-10276.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10276", "ID": "CVE-2017-10276",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.6.37 and earlier" "version_value": "5.6.37 and earlier"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.19 and earlier" "version_value": "5.7.19 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
}, },
{ {
"name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", "name": "RHSA-2017:3265",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" "url": "https://access.redhat.com/errata/RHSA-2017:3265"
}, },
{ {
"name" : "RHSA-2017:3265", "name": "1039597",
"refsource" : "REDHAT", "refsource": "SECTRACK",
"url" : "https://access.redhat.com/errata/RHSA-2017:3265" "url": "http://www.securitytracker.com/id/1039597"
}, },
{ {
"name" : "RHSA-2017:3442", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2017:3442" "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
}, },
{ {
"name" : "101441", "name": "101441",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/101441" "url": "http://www.securityfocus.com/bid/101441"
}, },
{ {
"name" : "1039597", "name": "RHSA-2017:3442",
"refsource" : "SECTRACK", "refsource": "REDHAT",
"url" : "http://www.securitytracker.com/id/1039597" "url": "https://access.redhat.com/errata/RHSA-2017:3442"
} }
] ]
} }

62
2017/10xxx/CVE-2017-10754.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10754", "ID": "CVE-2017-10754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\"" "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754", "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754" "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
} }
] ]
} }

74
2017/10xxx/CVE-2017-10994.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10994", "ID": "CVE-2017-10994",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document." "value": "Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "name": "99499",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "http://www.securityfocus.com/bid/99499"
}, },
{ {
"name" : "99499", "name": "1039113",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/99499" "url": "http://www.securitytracker.com/id/1039113"
}, },
{ {
"name" : "1039113", "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1039113" "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
} }
] ]
} }

74
2017/12xxx/CVE-2017-12272.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12272", "ID": "CVE-2017-12272",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XE", "product_name": "Cisco IOS XE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XE" "version_value": "Cisco IOS XE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516." "value": "A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-79" "value": "CWE-79"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe", "name": "1039627",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe" "url": "http://www.securitytracker.com/id/1039627"
}, },
{ {
"name" : "101494", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/101494" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe"
}, },
{ {
"name" : "1039627", "name": "101494",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1039627" "url": "http://www.securityfocus.com/bid/101494"
} }
] ]
} }

86
2017/12xxx/CVE-2017-12374.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12374", "ID": "CVE-2017-12374",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ClamAV AntiVirus software versions 0.99.2 and prior", "product_name": "ClamAV AntiVirus software versions 0.99.2 and prior",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ClamAV AntiVirus software versions 0.99.2 and prior" "version_value": "ClamAV AntiVirus software versions 0.99.2 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition." "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "use-after-free" "value": "use-after-free"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "name": "USN-3550-1",
"refsource" : "MLIST", "refsource": "UBUNTU",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" "url": "https://usn.ubuntu.com/3550-1/"
}, },
{ {
"name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name": "USN-3550-2",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" "url": "https://usn.ubuntu.com/3550-2/"
}, },
{ {
"name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939" "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"
}, },
{ {
"name" : "USN-3550-1", "name": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "https://usn.ubuntu.com/3550-1/" "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"
}, },
{ {
"name" : "USN-3550-2", "name": "https://bugzilla.clamav.net/show_bug.cgi?id=11939",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "https://usn.ubuntu.com/3550-2/" "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"
} }
] ]
} }

62
2017/12xxx/CVE-2017-12586.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12586", "ID": "CVE-2017-12586",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users." "value": "SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/slims/slims8_akasia/issues/48", "name": "https://github.com/slims/slims8_akasia/issues/48",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/slims/slims8_akasia/issues/48" "url": "https://github.com/slims/slims8_akasia/issues/48"
} }
] ]
} }

64
2017/13xxx/CVE-2017-13163.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00", "DATE_PUBLIC": "2017-12-04T00:00:00",
"ID" : "CVE-2017-13163", "ID": "CVE-2017-13163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android kernel" "version_value": "Android kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972." "value": "An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Elevation of privilege" "value": "Elevation of privilege"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", "name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" "url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
} }
] ]
} }

64
2017/13xxx/CVE-2017-13652.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC" : "2018-07-31T00:00:00", "DATE_PUBLIC": "2018-07-31T00:00:00",
"ID" : "CVE-2017-13652", "ID": "CVE-2017-13652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface." "value": "NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://security.netapp.com/advisory/ntap-20180731-0001/", "name": "https://security.netapp.com/advisory/ntap-20180731-0001/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180731-0001/" "url": "https://security.netapp.com/advisory/ntap-20180731-0001/"
} }
] ]
} }

74
2017/13xxx/CVE-2017-13706.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13706", "ID": "CVE-2017-13706",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705." "value": "XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20171007 CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability", "name": "20171007 CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability",
"refsource" : "FULLDISC", "refsource": "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Oct/14" "url": "http://seclists.org/fulldisclosure/2017/Oct/14"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html", "name": "https://www.lansweeper.com/changelog.aspx",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html" "url": "https://www.lansweeper.com/changelog.aspx"
}, },
{ {
"name" : "https://www.lansweeper.com/changelog.aspx", "name": "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://www.lansweeper.com/changelog.aspx" "url": "http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html"
} }
] ]
} }

110
2017/17xxx/CVE-2017-17044.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17044", "ID": "CVE-2017-17044",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors." "value": "An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update", "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html" "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
}, },
{ {
"name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", "name": "102129",
"refsource" : "MLIST", "refsource": "BID",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" "url": "http://www.securityfocus.com/bid/102129"
}, },
{ {
"name" : "https://xenbits.xen.org/xsa/advisory-246.html", "name": "https://xenbits.xen.org/xsa/advisory-246.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-246.html" "url": "https://xenbits.xen.org/xsa/advisory-246.html"
}, },
{ {
"name" : "https://support.citrix.com/article/CTX230138", "name": "[debian-lts-announce] 20180105 [SECURITY] [DLA 1230-1] xen security update",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "https://support.citrix.com/article/CTX230138" "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html"
}, },
{ {
"name" : "GLSA-201801-14", "name": "102008",
"refsource" : "GENTOO", "refsource": "BID",
"url" : "https://security.gentoo.org/glsa/201801-14" "url": "http://www.securityfocus.com/bid/102008"
}, },
{ {
"name" : "102008", "name": "1039878",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/102008" "url": "http://www.securitytracker.com/id/1039878"
}, },
{ {
"name" : "102129", "name": "GLSA-201801-14",
"refsource" : "BID", "refsource": "GENTOO",
"url" : "http://www.securityfocus.com/bid/102129" "url": "https://security.gentoo.org/glsa/201801-14"
}, },
{ {
"name" : "105954", "name": "105954",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/105954" "url": "http://www.securityfocus.com/bid/105954"
}, },
{ {
"name" : "1039878", "name": "https://support.citrix.com/article/CTX230138",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1039878" "url": "https://support.citrix.com/article/CTX230138"
} }
] ]
} }

62
2017/17xxx/CVE-2017-17293.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17293", "ID": "CVE-2017-17293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,MAX PRESENCE,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206", "product_name": "AR120-S,AR1200,AR1200-S,AR150,AR150-S,AR160,AR200,AR200-S,AR2200,AR2200-S,AR3200,AR3600,AR510,DP300,MAX PRESENCE,NetEngine16EX,RP200,SRG1300,SRG2300,SRG3300,TE30,TE40,TE50,TE60,TP3106,TP3206",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10" "version_value": "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal." "value": "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "buffer overflow" "value": "buffer overflow"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en" "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-06-xml-en"
} }
] ]
} }

92
2017/17xxx/CVE-2017-17501.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17501", "ID": "CVE-2017-17501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file." "value": "WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", "name": "https://sourceforge.net/p/graphicsmagick/bugs/526/",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" "url": "https://sourceforge.net/p/graphicsmagick/bugs/526/"
}, },
{ {
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", "name": "DSA-4321",
"refsource" : "MLIST", "refsource": "DEBIAN",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" "url": "https://www.debian.org/security/2018/dsa-4321"
}, },
{ {
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4", "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4" "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
}, },
{ {
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/526/", "name": "102185",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/526/" "url": "http://www.securityfocus.com/bid/102185"
}, },
{ {
"name" : "DSA-4321", "name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update",
"refsource" : "DEBIAN", "refsource": "MLIST",
"url" : "https://www.debian.org/security/2018/dsa-4321" "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html"
}, },
{ {
"name" : "102185", "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/102185" "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4"
} }
] ]
} }

68
2017/17xxx/CVE-2017-17611.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17611", "ID": "CVE-2017-17611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Doctor Search Script 1.0 has SQL Injection via the /list city parameter." "value": "Doctor Search Script 1.0 has SQL Injection via the /list city parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "43276", "name": "43276",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43276/" "url": "https://www.exploit-db.com/exploits/43276/"
}, },
{ {
"name" : "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html", "name": "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html" "url": "https://packetstormsecurity.com/files/145312/Doctor-Search-Script-1.0-SQL-Injection.html"
} }
] ]
} }

88
2018/0xxx/CVE-2018-0450.json
View File

@ -1,84 +1,84 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-05T16:00:00-0500", "DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID" : "CVE-2018-0450", "ID": "CVE-2018-0450",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Data Center Network Manager Cross-Site Scripting Vulnerability" "TITLE": "Cisco Data Center Network Manager Cross-Site Scripting Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Data Center Network Manager ", "product_name": "Cisco Data Center Network Manager ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information." "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : { "cvss": {
"baseScore" : "6.1", "baseScore": "6.1",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-79" "value": "CWE-79"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20180905 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability", "name": "105288",
"refsource" : "CISCO", "refsource": "BID",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss" "url": "http://www.securityfocus.com/bid/105288"
}, },
{ {
"name" : "105288", "name": "20180905 Cisco Data Center Network Manager Cross-Site Scripting Vulnerability",
"refsource" : "BID", "refsource": "CISCO",
"url" : "http://www.securityfocus.com/bid/105288" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss"
} }
] ]
}, },
"source" : { "source": {
"advisory" : "cisco-sa-20180905-dcnm-xss", "advisory": "cisco-sa-20180905-dcnm-xss",
"defect" : [ "defect": [
[ [
"CSCvh70379" "CSCvh70379"
] ]
], ],
"discovery" : "UNKNOWN" "discovery": "UNKNOWN"
} }
} }

76
2018/0xxx/CVE-2018-0791.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00", "DATE_PUBLIC": "2018-01-09T00:00:00",
"ID" : "CVE-2018-0791", "ID": "CVE-2018-0791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Outlook", "product_name": "Microsoft Outlook",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016" "version_value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793." "value": "Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka \"Microsoft Outlook Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0793."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Remote Code Execution" "value": "Remote Code Execution"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791", "name": "1040154",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791" "url": "http://www.securitytracker.com/id/1040154"
}, },
{ {
"name" : "102383", "name": "102383",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/102383" "url": "http://www.securityfocus.com/bid/102383"
}, },
{ {
"name" : "1040154", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1040154" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791"
} }
] ]
} }

68
2018/18xxx/CVE-2018-18319.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18319", "ID": "CVE-2018-18319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution." "value": "** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://blog.51cto.com/010bjsoft/2298902", "name": "http://blog.51cto.com/010bjsoft/2298902",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://blog.51cto.com/010bjsoft/2298902" "url": "http://blog.51cto.com/010bjsoft/2298902"
}, },
{ {
"name" : "https://github.com/qoli/Merlin.PHP/issues/27", "name": "https://github.com/qoli/Merlin.PHP/issues/27",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/qoli/Merlin.PHP/issues/27" "url": "https://github.com/qoli/Merlin.PHP/issues/27"
} }
] ]
} }

22
2018/18xxx/CVE-2018-18538.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18538", "ID": "CVE-2018-18538",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/18xxx/CVE-2018-18625.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18625", "ID": "CVE-2018-18625",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2018/18xxx/CVE-2018-18628.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18628", "ID": "CVE-2018-18628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution." "value": "An issue was discovered in Pippo 1.11.0. The function SerializationSessionDataTranscoder.decode() calls ObjectInputStream.readObject() to deserialize a SessionData object without checking the object types. An attacker can create a malicious object, base64 encode it, and place it in the PIPPO_SESSION field of a cookie. Sending this cookie may lead to remote code execution."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/pippo-java/pippo/issues/458", "name": "https://github.com/pippo-java/pippo/issues/458",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/pippo-java/pippo/issues/458" "url": "https://github.com/pippo-java/pippo/issues/458"
} }
] ]
} }

22
2018/19xxx/CVE-2018-19285.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19285", "ID": "CVE-2018-19285",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/19xxx/CVE-2018-19730.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-19730", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2018-19730",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }

76
2018/1xxx/CVE-2018-1158.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-08-22T00:00:00", "DATE_PUBLIC": "2018-08-22T00:00:00",
"ID" : "CVE-2018-1158", "ID": "CVE-2018-1158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON." "value": "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.tenable.com/security/research/tra-2018-21", "name": "https://www.tenable.com/security/research/tra-2018-21",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-21" "url": "https://www.tenable.com/security/research/tra-2018-21"
}, },
{ {
"name" : "https://mikrotik.com/download/changelogs", "name": "https://mikrotik.com/download/changelogs",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://mikrotik.com/download/changelogs" "url": "https://mikrotik.com/download/changelogs"
}, },
{ {
"name" : "https://mikrotik.com/download/changelogs/bugfix-release-tree", "name": "https://mikrotik.com/download/changelogs/bugfix-release-tree",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://mikrotik.com/download/changelogs/bugfix-release-tree" "url": "https://mikrotik.com/download/changelogs/bugfix-release-tree"
} }
] ]
} }

70
2018/1xxx/CVE-2018-1200.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00", "DATE_PUBLIC": "2018-02-13T00:00:00",
"ID" : "CVE-2018-1200", "ID": "CVE-2018-1200",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apps Manager for PCF", "product_name": "Apps Manager for PCF",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected." "version_value": "Pivotal Application Service: 1.11.x versions prior to 1.11.26, 1.12.x versions prior to 1.12.14, 2.0.x versions prior to 2.0.5, Please note: PAS versions prior to 1.11 are not affected."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links." "value": "Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted links."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "File Access Vulnerability" "value": "File Access Vulnerability"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://pivotal.io/security/cve-2018-1200", "name": "https://pivotal.io/security/cve-2018-1200",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-1200" "url": "https://pivotal.io/security/cve-2018-1200"
}, },
{ {
"name" : "103042", "name": "103042",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103042" "url": "http://www.securityfocus.com/bid/103042"
} }
] ]
} }

78
2018/1xxx/CVE-2018-1217.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00", "DATE_PUBLIC": "2018-04-05T00:00:00",
"ID" : "CVE-2018-1217", "ID": "CVE-2018-1217",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Avamar, Integrated Data Protection Appliance", "product_name": "Avamar, Integrated Data Protection Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Avamar Server versions 7.3.1, 7.4.1, 7.5.0" "version_value": "Avamar Server versions 7.3.1, 7.4.1, 7.5.0"
}, },
{ {
"version_value" : "Integrated Data Protection Appliance Versions 2.0, 2.1" "version_value": "Integrated Data Protection Appliance Versions 2.0, 2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials." "value": "Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Missing Access Control Vulnerability" "value": "Missing Access Control Vulnerability"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "44441", "name": "44441",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44441/" "url": "https://www.exploit-db.com/exploits/44441/"
}, },
{ {
"name" : "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability", "name": "1040641",
"refsource" : "FULLDISC", "refsource": "SECTRACK",
"url" : "http://seclists.org/fulldisclosure/2018/Apr/14" "url": "http://www.securitytracker.com/id/1040641"
}, },
{ {
"name" : "1040641", "name": "20180405 DSA-2018-025: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability",
"refsource" : "SECTRACK", "refsource": "FULLDISC",
"url" : "http://www.securitytracker.com/id/1040641" "url": "http://seclists.org/fulldisclosure/2018/Apr/14"
} }
] ]
} }

110
2018/1xxx/CVE-2018-1891.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-13T00:00:00", "DATE_PUBLIC": "2018-12-13T00:00:00",
"ID" : "CVE-2018-1891", "ID": "CVE-2018-1891",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security Guardium", "product_name": "Security Guardium",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10" "version_value": "10"
}, },
{ {
"version_value" : "10.5" "version_value": "10.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082." "value": "IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152082."
} }
] ]
}, },
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"BM" : { "BM": {
"A" : "N", "A": "N",
"AC" : "L", "AC": "L",
"AV" : "N", "AV": "N",
"C" : "L", "C": "L",
"I" : "L", "I": "L",
"PR" : "L", "PR": "L",
"S" : "C", "S": "C",
"SCORE" : "5.400", "SCORE": "5.400",
"UI" : "R" "UI": "R"
}, },
"TM" : { "TM": {
"E" : "H", "E": "H",
"RC" : "C", "RC": "C",
"RL" : "O" "RL": "O"
} }
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-Site Scripting" "value": "Cross-Site Scripting"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10742865", "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742865",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10742865" "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742865"
}, },
{ {
"name" : "106239", "name": "ibm-guardium-cve20181891-xss(152082)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/106239" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152082"
}, },
{ {
"name" : "ibm-guardium-cve20181891-xss(152082)", "name": "106239",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152082" "url": "http://www.securityfocus.com/bid/106239"
} }
] ]
} }

68
2018/5xxx/CVE-2018-5651.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5651", "ID": "CVE-2018-5651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter." "value": "An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md", "name": "https://wpvulndb.com/vulnerabilities/9008",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md" "url": "https://wpvulndb.com/vulnerabilities/9008"
}, },
{ {
"name" : "https://wpvulndb.com/vulnerabilities/9008", "name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/9008" "url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/dark-mode.md"
} }
] ]
} }