admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:07:40 +00:00
parent f2e27c8b64
commit dd59e15317
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
44 changed files with 3402 additions and 3402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2008/0xxx/CVE-2008-0166.json
View File

@ -1,176 +1,176 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0166",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0166",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
"lang": "eng",
"value": "OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080515 Debian generated SSH-Keys working exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
"name": "DSA-1576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1576"
},
{
"name" : "5622",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5622"
"name": "5622",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5622"
},
{
"name" : "5632",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5632"
"name": "30221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30221"
},
{
"name" : "5720",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5720"
"name": "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel"
},
{
"name" : "[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel"
"name": "DSA-1571",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1571"
},
{
"name" : "http://metasploit.com/users/hdm/tools/debian-openssl/",
"refsource" : "MISC",
"url" : "http://metasploit.com/users/hdm/tools/debian-openssl/"
"name": "29179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29179"
},
{
"name" : "DSA-1571",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1571"
"name": "20080515 Debian generated SSH-Keys working exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded"
},
{
"name" : "DSA-1576",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1576"
"name": "30239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30239"
},
{
"name" : "USN-612-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-612-1"
"name": "30220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30220"
},
{
"name" : "USN-612-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-612-2"
"name": "USN-612-7",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-612-7"
},
{
"name" : "USN-612-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-612-3"
"name": "30231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30231"
},
{
"name" : "USN-612-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-612-4"
"name": "openssl-rng-weak-security(42375)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
},
{
"name" : "USN-612-7",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-612-7"
"name": "http://metasploit.com/users/hdm/tools/debian-openssl/",
"refsource": "MISC",
"url": "http://metasploit.com/users/hdm/tools/debian-openssl/"
},
{
"name" : "TA08-137A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
"name": "30249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30249"
},
{
"name" : "VU#925211",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/925211"
"name": "1020017",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020017"
},
{
"name" : "29179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29179"
"name": "5632",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5632"
},
{
"name" : "1020017",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020017"
"name": "USN-612-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-612-4"
},
{
"name" : "30220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30220"
"name": "USN-612-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-612-2"
},
{
"name" : "30221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30221"
"name": "TA08-137A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html"
},
{
"name" : "30231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30231"
"name": "VU#925211",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/925211"
},
{
"name" : "30239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30239"
"name": "5720",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5720"
},
{
"name" : "30249",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30249"
"name": "30136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30136"
},
{
"name" : "30136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30136"
"name": "USN-612-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-612-3"
},
{
"name" : "openssl-rng-weak-security(42375)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42375"
"name": "USN-612-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-612-1"
}
]
}

116
2008/0xxx/CVE-2008-0349.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0349",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0349",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02."
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
"name": "1019218",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019218"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
"name": "27229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27229"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
"name": "TA08-017A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
},
{
"name" : "TA08-017A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
"name": "ADV-2008-0150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0150"
},
{
"name" : "27229",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27229"
"name": "ADV-2008-0180",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0180"
},
{
"name" : "ADV-2008-0150",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0150"
"name": "SSRT061201",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name" : "ADV-2008-0180",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0180"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
},
{
"name" : "1019218",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019218"
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name" : "28518",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28518"
"name": "28556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28556"
},
{
"name" : "28556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28556"
"name": "28518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28518"
}
]
}

86
2008/0xxx/CVE-2008-0698.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0698",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0698",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\""
"lang": "eng",
"value": "Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving \"invalid memory access.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT"
"name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT"
},
{
"name" : "IZ05496",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496"
"name": "27681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27681"
},
{
"name" : "27681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27681"
"name": "28771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28771"
},
{
"name" : "ADV-2008-0401",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0401"
"name": "ADV-2008-0401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0401"
},
{
"name" : "28771",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28771"
"name": "IZ05496",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496"
}
]
}

98
2008/1xxx/CVE-2008-1329.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1329",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1329",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to \"insufficient verification of file uploads.\""
"lang": "eng",
"value": "Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to \"insufficient verification of file uploads.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080404 CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490463/100/0/threaded"
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105"
"name": "ca-arcserverbackup-netbackup-code-execution(41642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41642"
},
{
"name" : "28616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28616"
"name": "3800",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3800"
},
{
"name" : "ADV-2008-1104",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1104/references"
"name": "28616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28616"
},
{
"name" : "1019788",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019788"
"name": "20080404 CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490463/100/0/threaded"
},
{
"name" : "3800",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3800"
"name": "1019788",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019788"
},
{
"name" : "ca-arcserverbackup-netbackup-code-execution(41642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41642"
"name": "ADV-2008-1104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1104/references"
}
]
}

62
2008/1xxx/CVE-2008-1432.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1432",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1432",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "29441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29441"
"name": "29441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29441"
}
]
}

116
2008/4xxx/CVE-2008-4728.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4728",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4728",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders."
"lang": "eng",
"value": "Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6773",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6773"
"name": "6773",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6773"
},
{
"name" : "6774",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6774"
"name": "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html"
},
{
"name" : "6776",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6776"
"name": "6774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6774"
},
{
"name" : "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html",
"refsource" : "MISC",
"url" : "http://www.shinnai.net/xplits/TXT_2XfQ1sHruhjaoePszNTG.html"
"name": "31799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31799"
},
{
"name" : "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html",
"refsource" : "MISC",
"url" : "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html"
"name": "hummingbird-run-command-execution(45961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45961"
},
{
"name" : "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html",
"refsource" : "MISC",
"url" : "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html"
"name": "6776",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6776"
},
{
"name" : "31799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31799"
"name": "ADV-2008-2857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2857"
},
{
"name" : "ADV-2008-2857",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2857"
"name": "32337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32337"
},
{
"name" : "32337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32337"
"name": "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_L0z0Mimixdsko8kI6VFW.html"
},
{
"name" : "hummingbird-run-command-execution(45961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45961"
"name": "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_JqLchaIAfq4kSH0NsvJO.html"
}
]
}

164
2008/4xxx/CVE-2008-4818.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4818",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4818",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
},
{
"name" : "http://support.apple.com/kb/HT3338",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3338"
"name": "32129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32129"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
"name": "33390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33390"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
"refsource" : "CONFIRM",
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
"name": "ADV-2008-3444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name" : "APPLE-SA-2008-12-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
"name": "32702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32702"
},
{
"name" : "GLSA-200903-23",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml"
"name": "TA08-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name" : "RHSA-2008:0980",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
"name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
},
{
"name" : "248586",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
"name": "33179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33179"
},
{
"name" : "TA08-350A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
"name": "34226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34226"
},
{
"name" : "32129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32129"
"name": "adobe-flash-response-xss(46531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46531"
},
{
"name" : "34226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34226"
"name": "1021146",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021146"
},
{
"name" : "ADV-2008-3444",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3444"
"name": "GLSA-200903-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"name" : "1021146",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021146"
"name": "http://support.apple.com/kb/HT3338",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3338"
},
{
"name" : "32702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32702"
"name": "RHSA-2008:0980",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name" : "33179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33179"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name" : "33390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33390"
"name": "APPLE-SA-2008-12-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name" : "adobe-flash-response-xss(46531)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46531"
"name": "248586",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
}
]
}

22
2008/4xxx/CVE-2008-4857.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4857",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-4857",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}

80
2008/5xxx/CVE-2008-5443.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5443",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-5443",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
"name": "33525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33525"
},
{
"name" : "33177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33177"
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name" : "ADV-2009-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0115"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name" : "33525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33525"
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}

74
2008/5xxx/CVE-2008-5946.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5946",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5946",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.securityfocus.com/bid/30680/exploit",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/bid/30680/exploit"
"name": "http://www.securityfocus.com/bid/30680/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/30680/exploit"
},
{
"name" : "30680",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30680"
"name": "phpfusion-readmore-sql-injection(44456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44456"
},
{
"name" : "phpfusion-readmore-sql-injection(44456)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44456"
"name": "30680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30680"
}
]
}

22
2013/2xxx/CVE-2013-2159.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2159",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2159",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2013/2xxx/CVE-2013-2810.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2810",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2810",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack."
"lang": "eng",
"value": "Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A"
},
{
"name" : "71425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71425"
"name": "71425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71425"
},
{
"name" : "rtu-cve20142810-command-exec(99131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99131"
"name": "rtu-cve20142810-command-exec(99131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99131"
}
]
}

128
2013/3xxx/CVE-2013-3793.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3793",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3793",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language."
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
"name": "54300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54300"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
"name": "oracle-cpujuly2013-cve20133793(85710)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85710"
},
{
"name" : "DSA-2818",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2818"
"name": "DSA-2818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2818"
},
{
"name" : "SUSE-SU-2013:1390",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html"
"name": "95323",
"refsource": "OSVDB",
"url": "http://osvdb.org/95323"
},
{
"name" : "openSUSE-SU-2013:1335",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "openSUSE-SU-2013:1410",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html"
"name": "openSUSE-SU-2013:1335",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html"
},
{
"name" : "SUSE-SU-2013:1529",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html"
"name": "USN-1909-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1909-1"
},
{
"name" : "USN-1909-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1909-1"
"name": "SUSE-SU-2013:1390",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html"
},
{
"name" : "61264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61264"
"name": "openSUSE-SU-2013:1410",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html"
},
{
"name" : "95323",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95323"
"name": "61264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61264"
},
{
"name" : "54300",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54300"
"name": "SUSE-SU-2013:1529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html"
},
{
"name" : "oracle-cpujuly2013-cve20133793(85710)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85710"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}

68
2013/4xxx/CVE-2013-4749.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4749",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4749",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
"name": "typo3-usertaskcenter-unspecified-xss(81584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
},
{
"name" : "typo3-usertaskcenter-unspecified-xss(81584)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81584"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
}
]
}

62
2013/4xxx/CVE-2013-4768.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4768",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4768",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the \"network connection clean up code\" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB)."
"lang": "eng",
"value": "The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the \"network connection clean up code\" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.eucalyptus.com/resources/security/advisories/esa-15",
"refsource" : "CONFIRM",
"url" : "https://www.eucalyptus.com/resources/security/advisories/esa-15"
"name": "https://www.eucalyptus.com/resources/security/advisories/esa-15",
"refsource": "CONFIRM",
"url": "https://www.eucalyptus.com/resources/security/advisories/esa-15"
}
]
}

74
2013/4xxx/CVE-2013-4874.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4874",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4874",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable."
"lang": "eng",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name" : "VU#458007",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/458007"
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name" : "61169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61169"
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}

86
2013/6xxx/CVE-2013-6501.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6501",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6501",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c."
"lang": "eng",
"value": "The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1009103",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1009103"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1009103",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1009103"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "GLSA-201606-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-10"
"name": "SUSE-SU-2015:0436",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html"
},
{
"name" : "SUSE-SU-2015:0436",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html"
"name": "72530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72530"
},
{
"name" : "72530",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72530"
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}

22
2013/7xxx/CVE-2013-7007.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7007",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7007",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

76
2017/10xxx/CVE-2017-10200.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10200",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10200",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Hospitality e7",
"version" : {
"version_data" : [
"product_name": "Hospitality e7",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "4.2.1"
"version_affected": "=",
"version_value": "4.2.1"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality e7 accessible data as well as unauthorized read access to a subset of Oracle Hospitality e7 accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "99858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99858"
},
{
"name" : "99858",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99858"
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name" : "1038941",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038941"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

74
2017/10xxx/CVE-2017-10910.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10910",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10910",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "MQTT.js",
"version" : {
"version_data" : [
"product_name": "MQTT.js",
"version": {
"version_data": [
{
"version_value" : "2.x.x prior to 2.15.0"
"version_value": "2.x.x prior to 2.15.0"
}
]
}
}
]
},
"vendor_name" : "MQTT.js."
"vendor_name": "MQTT.js."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition."
"lang": "eng",
"value": "MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Buffer error"
"lang": "eng",
"value": "Buffer error"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923",
"refsource" : "MISC",
"url" : "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923"
"name": "JVN#45494523",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN45494523/index.html"
},
{
"name" : "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0",
"refsource" : "MISC",
"url" : "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0"
"name": "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0",
"refsource": "MISC",
"url": "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0"
},
{
"name" : "JVN#45494523",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN45494523/index.html"
"name": "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923",
"refsource": "MISC",
"url": "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923"
}
]
}

106
2017/12xxx/CVE-2017-12172.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-11-09T00:00:00",
"ID" : "CVE-2017-12172",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-11-09T00:00:00",
"ID": "CVE-2017-12172",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value" : "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24"
"version_value": "10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, 9.2.x before 9.2.24"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server."
"lang": "eng",
"value": "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-59"
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.postgresql.org/support/security/",
"refsource" : "MISC",
"url" : "https://www.postgresql.org/support/security/"
"name": "RHSA-2017:3402",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3402"
},
{
"name" : "https://www.postgresql.org/about/news/1801/",
"refsource" : "CONFIRM",
"url" : "https://www.postgresql.org/about/news/1801/"
"name": "101949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101949"
},
{
"name" : "RHSA-2017:3402",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3402"
"name": "RHSA-2017:3403",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3403"
},
{
"name" : "RHSA-2017:3403",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3403"
"name": "RHSA-2017:3405",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3405"
},
{
"name" : "RHSA-2017:3404",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3404"
"name": "https://www.postgresql.org/support/security/",
"refsource": "MISC",
"url": "https://www.postgresql.org/support/security/"
},
{
"name" : "RHSA-2017:3405",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3405"
"name": "1039752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039752"
},
{
"name" : "101949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101949"
"name": "https://www.postgresql.org/about/news/1801/",
"refsource": "CONFIRM",
"url": "https://www.postgresql.org/about/news/1801/"
},
{
"name" : "1039752",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039752"
"name": "RHSA-2017:3404",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3404"
}
]
}

78
2017/13xxx/CVE-2017-13182.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-13182",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-13182",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "8.0"
"version_value": "8.0"
},
{
"version_value" : "8.1"
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022."
"lang": "eng",
"value": "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-01-01"
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name" : "102414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102414"
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
},
{
"name" : "1040106",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040106"
"name": "102414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102414"
}
]
}

98
2017/13xxx/CVE-2017-13737.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13737",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13737",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack."
"lang": "eng",
"value": "There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484196",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484196"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/08/29/4",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/08/29/4"
"name": "http://openwall.com/lists/oss-security/2017/08/29/4",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/08/29/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484196",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484196"
"name": "100518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100518"
},
{
"name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/",
"refsource" : "CONFIRM",
"url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/"
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/",
"refsource": "CONFIRM",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/"
},
{
"name" : "https://bugs.debian.org/878511",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/878511"
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name" : "DSA-4321",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4321"
"name": "https://bugs.debian.org/878511",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/878511"
},
{
"name" : "100518",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100518"
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
}
]
}

66
2017/17xxx/CVE-2017-17140.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-12-06T00:00:00",
"ID" : "CVE-2017-17140",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-17140",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Enjoy 5s; Y6 Pro",
"version" : {
"version_data" : [
"product_name": "Enjoy 5s; Y6 Pro",
"version": {
"version_data": [
{
"version_value" : "The versions before TAG-AL00C92B170"
"version_value": "The versions before TAG-AL00C92B170"
},
{
"version_value" : "The versions before TIT-L01C576B121"
"version_value": "The versions before TIT-L01C576B121"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak."
"lang": "eng",
"value": "Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and the application can read some sensitive information in kernel memory which may cause sensitive information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "information leak"
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en"
}
]
}

62
2017/17xxx/CVE-2017-17508.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17508",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17508",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file."
"lang": "eng",
"value": "In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md",
"refsource" : "MISC",
"url" : "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
"name": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
}
]
}

80
2017/17xxx/CVE-2017-17692.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17692",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17692",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property."
"lang": "eng",
"value": "Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43376",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43376/"
"name": "43376",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43376/"
},
{
"name" : "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html"
"name": "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145510/Samsung-Internet-Browser-SOP-Bypass.html"
},
{
"name" : "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html",
"refsource" : "MISC",
"url" : "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html"
"name": "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html",
"refsource": "MISC",
"url": "https://datarift.blogspot.in/p/samsung-interent-browser-sop-bypass-cve.html"
},
{
"name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb"
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/samsung_browser_sop_bypass.rb"
}
]
}

62
2017/17xxx/CVE-2017-17829.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17829",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17829",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter."
"lang": "eng",
"value": "Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md"
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Bus-Booking-Script.md"
}
]
}

22
2017/17xxx/CVE-2017-17944.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17944",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17944",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2017/9xxx/CVE-2017-9032.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9032",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9032",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/May/91"
"name": "1038548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038548"
},
{
"name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html"
"name": "https://success.trendmicro.com/solution/1117411",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117411"
},
{
"name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities"
"name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities"
},
{
"name" : "https://success.trendmicro.com/solution/1117411",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1117411"
"name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/May/91"
},
{
"name" : "1038548",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038548"
"name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html"
}
]
}

62
2017/9xxx/CVE-2017-9443.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9443",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9443",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\process.php and core\\admin\\modules\\developer\\packages\\install\\process.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files.\""
"lang": "eng",
"value": "** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\process.php and core\\admin\\modules\\developer\\packages\\install\\process.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/bigtreecms/BigTree-CMS/issues/292",
"refsource" : "MISC",
"url" : "https://github.com/bigtreecms/BigTree-CMS/issues/292"
"name": "https://github.com/bigtreecms/BigTree-CMS/issues/292",
"refsource": "MISC",
"url": "https://github.com/bigtreecms/BigTree-CMS/issues/292"
}
]
}

266
2017/9xxx/CVE-2017-9798.json
View File

@ -1,231 +1,231 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-9798",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-9798",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache HTTP Server",
"version" : {
"version_data" : [
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value" : "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
"version_value": "Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
"lang": "eng",
"value": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "use-after-free"
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42745",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42745/"
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/09/18/2"
"name": "100872",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100872"
},
{
"name" : "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource" : "MISC",
"url" : "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource" : "MISC",
"url" : "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9",
"refsource" : "MISC",
"url" : "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "https://github.com/hannob/optionsbleed",
"refsource" : "MISC",
"url" : "https://github.com/hannob/optionsbleed"
"name": "RHSA-2017:2882",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2882"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource" : "MISC",
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-9798"
"name": "RHSA-2017:2972",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2972"
},
{
"name" : "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"refsource" : "MISC",
"url" : "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"
"name": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"
},
{
"name" : "https://support.apple.com/HT208331",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208331"
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "1039387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039387"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180601-0003/"
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "https://github.com/hannob/optionsbleed",
"refsource": "MISC",
"url": "https://github.com/hannob/optionsbleed"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"refsource": "MISC",
"url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "RHSA-2017:3240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"
"name": "RHSA-2017:3195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3195"
},
{
"name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource" : "CONFIRM",
"url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
"name": "RHSA-2017:3018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3018"
},
{
"name" : "DSA-3980",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3980"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "GLSA-201710-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-32"
"name": "RHSA-2017:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name" : "RHSA-2017:3018",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3018"
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name" : "RHSA-2017:3113",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3113"
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name" : "RHSA-2017:3114",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3114"
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"
},
{
"name" : "RHSA-2017:3193",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3193"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "RHSA-2017:3194",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3194"
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name" : "RHSA-2017:3195",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3195"
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name" : "RHSA-2017:3239",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3239"
"name": "http://openwall.com/lists/oss-security/2017/09/18/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/09/18/2"
},
{
"name" : "RHSA-2017:3240",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3240"
"name": "https://security.netapp.com/advisory/ntap-20180601-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0003/"
},
{
"name" : "RHSA-2017:2972",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2972"
"name": "RHSA-2017:3194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3194"
},
{
"name" : "RHSA-2017:2882",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2882"
"name": "https://security-tracker.debian.org/tracker/CVE-2017-9798",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-9798"
},
{
"name" : "RHSA-2017:3475",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3475"
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name" : "RHSA-2017:3476",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3476"
"name": "DSA-3980",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3980"
},
{
"name" : "RHSA-2017:3477",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3477"
"name": "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9",
"refsource": "MISC",
"url": "https://github.com/apache/httpd/commit/29afdd2550b3d30a8defece2b95ae81edcf66ac9"
},
{
"name" : "100872",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100872"
"name": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
},
{
"name" : "105598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105598"
"name": "42745",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42745/"
},
{
"name" : "1039387",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039387"
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-32"
}
]
}

130
2018/0xxx/CVE-2018-0012.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-01-10T17:00:00.000Z",
"ID" : "CVE-2018-0012",
"STATE" : "PUBLIC",
"TITLE" : "Junos Space: Local privilege escalation vulnerability in Junos Space"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-01-10T17:00:00.000Z",
"ID": "CVE-2018-0012",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Local privilege escalation vulnerability in Junos Space"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Junos Space",
"version" : {
"version_data" : [
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected" : "<",
"version_name" : "All",
"version_value" : "17.2R1"
"affected": "<",
"version_name": "All",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
"lang": "eng",
"value": "Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges."
}
]
},
"exploit" : [
"exploit": [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Privilege escalation"
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/JSA10838",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10838"
"name": "https://kb.juniper.net/JSA10838",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10838"
},
{
"name" : "1040189",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040189"
"name": "1040189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040189"
}
]
},
"solution" : [
"solution": [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 17.2R1 and all subsequent releases."
}
],
"source" : {
"advisory" : "JSA10838",
"defect" : [
"source": {
"advisory": "JSA10838",
"defect": [
"1296620"
],
"discovery" : "INTERNAL"
"discovery": "INTERNAL"
},
"work_around" : [
"work_around": [
{
"lang" : "eng",
"value" : "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators."
}
]
}

146
2018/0xxx/CVE-2018-0046.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0046",
"STATE" : "PUBLIC",
"TITLE" : "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0046",
"STATE": "PUBLIC",
"TITLE": "Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Junos Space",
"version" : {
"version_data" : [
"product_name": "Junos Space",
"version": {
"version_data": [
{
"affected" : "<",
"version_value" : "18.2R1"
"affected": "<",
"version_value": "18.2R1"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"vendor_name": "Juniper Networks"
}
]
}
},
"credit" : [
"credit": [
{
"lang" : "eng",
"value" : "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
"lang": "eng",
"value": "Marcel Bilal of IT-Dienstleistungszentrum Berlin"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
"lang": "eng",
"value": "A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1."
}
]
},
"exploit" : [
"exploit": [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Reflected cross-site scripting vulnerability"
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
"refsource" : "CONFIRM",
"url" : "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
"name": "105566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105566"
},
{
"name" : "https://kb.juniper.net/JSA10880",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10880"
"name": "https://kb.juniper.net/JSA10880",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10880"
},
{
"name" : "105566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105566"
"name": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d",
"refsource": "CONFIRM",
"url": "https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d"
},
{
"name" : "1041862",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041862"
"name": "1041862",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041862"
}
]
},
"solution" : [
"solution": [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 18.2R1, and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10880",
"defect" : [
"source": {
"advisory": "JSA10880",
"defect": [
"1337619"
],
"discovery" : "EXTERNAL"
"discovery": "EXTERNAL"
},
"work_around" : [
"work_around": [
{
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

88
2018/0xxx/CVE-2018-0460.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-05T16:00:00-0500",
"ID" : "CVE-2018-0460",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID": "CVE-2018-0460",
"STATE": "PUBLIC",
"TITLE": "Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Enterprise NFV Infrastructure Software ",
"version" : {
"version_data" : [
"product_name": "Cisco Enterprise NFV Infrastructure Software ",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
"vendor_name": "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system."
"lang": "eng",
"value": "A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this vulnerability by sending a malicious API request with the authentication credentials of a low-privileged user. A successful exploit could allow the attacker to read any file on the affected system."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.5",
"version" : "3.0"
"impact": {
"cvss": {
"baseScore": "6.5",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-285"
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180905 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-infodis"
"name": "105299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105299"
},
{
"name" : "105299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105299"
"name": "20180905 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-infodis"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180905-nfvis-infodis",
"defect" : [
"source": {
"advisory": "cisco-sa-20180905-nfvis-infodis",
"defect": [
[
"CSCvj07787"
]
],
"discovery" : "UNKNOWN"
"discovery": "UNKNOWN"
}
}

62
2018/0xxx/CVE-2018-0534.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0534",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0534",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ArsenoL",
"version" : {
"version_data" : [
"product_name": "ArsenoL",
"version": {
"version_data": [
{
"version_value" : "Version 0.5"
"version_value": "Version 0.5"
}
]
}
}
]
},
"vendor_name" : "FlaFla..."
"vendor_name": "FlaFla..."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting"
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#30864198",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN30864198/index.html"
"name": "JVN#30864198",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN30864198/index.html"
}
]
}

68
2018/0xxx/CVE-2018-0625.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0625",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0625",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "WG1200HP",
"version" : {
"version_data" : [
"product_name": "WG1200HP",
"version": {
"version_data": [
{
"version_value" : "firmware Ver1.0.31 and earlier"
"version_value": "firmware Ver1.0.31 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEC Corporation"
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter."
"lang": "eng",
"value": "Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "OS Command Injection"
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource" : "MISC",
"url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
"name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name" : "JVN#00401783",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN00401783/index.html"
"name": "JVN#00401783",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN00401783/index.html"
}
]
}

68
2018/18xxx/CVE-2018-18431.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18431",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18431",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI."
"lang": "eng",
"value": "An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2"
"name": "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/DESTOON/blob/master/XSS.md#xss2"
},
{
"name" : "https://www.patec.cn/newsshow.php?cid=24&id=134",
"refsource" : "MISC",
"url" : "https://www.patec.cn/newsshow.php?cid=24&id=134"
"name": "https://www.patec.cn/newsshow.php?cid=24&id=134",
"refsource": "MISC",
"url": "https://www.patec.cn/newsshow.php?cid=24&id=134"
}
]
}

22
2018/19xxx/CVE-2018-19262.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19262",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-19262",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}

68
2018/19xxx/CVE-2018-19271.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19271",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19271",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Centreon 3.4.x allows SQL Injection via the main.php searchH parameter."
"lang": "eng",
"value": "Centreon 3.4.x allows SQL Injection via the main.php searchH parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/",
"refsource" : "MISC",
"url" : "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/"
"name": "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/",
"refsource": "MISC",
"url": "http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/"
},
{
"name" : "https://github.com/centreon/centreon/pull/6625",
"refsource" : "MISC",
"url" : "https://github.com/centreon/centreon/pull/6625"
"name": "https://github.com/centreon/centreon/pull/6625",
"refsource": "MISC",
"url": "https://github.com/centreon/centreon/pull/6625"
}
]
}

22
2018/19xxx/CVE-2018-19652.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19652",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19652",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/19xxx/CVE-2018-19817.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19817",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19817",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/AdminAuthorisationFrame.jsp\" has reflected XSS via the ConnPoolName or GroupId parameter."
"lang": "eng",
"value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/AdminAuthorisationFrame.jsp\" has reflected XSS via the ConnPoolName or GroupId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/20"
"name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
},
{
"name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
"name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/20"
}
]
}

76
2018/1xxx/CVE-2018-1082.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00",
"ID" : "CVE-2018-1082",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-26T00:00:00",
"ID": "CVE-2018-1082",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Moodle",
"version" : {
"version_data" : [
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value" : "3.4 to 3.4.1, 3.3 to 3.3.4"
"version_value": "3.4 to 3.4.1, 3.3 to 3.3.4"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site."
"lang": "eng",
"value": "A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-285"
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101"
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60101"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=367939",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=367939"
"name": "103725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103725"
},
{
"name" : "103725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103725"
"name": "https://moodle.org/mod/forum/discuss.php?d=367939",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=367939"
}
]
}

112
2018/1xxx/CVE-2018-1424.json
View File

@ -1,98 +1,98 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-05T00:00:00",
"ID" : "CVE-2018-1424",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-05T00:00:00",
"ID": "CVE-2018-1424",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Marketing Platform",
"version" : {
"version_data" : [
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value" : "9.1.2"
"version_value": "9.1.2"
},
{
"version_value" : "9.1.0"
"version_value": "9.1.0"
},
{
"version_value" : "10.1"
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
"lang": "eng",
"value": "IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "7.100",
"UI": "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
"name": "ibm-marketing-cve20181424-info-disc(139029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
},
{
"name" : "106201",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106201"
"name": "106201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106201"
},
{
"name" : "ibm-marketing-cve20181424-info-disc(139029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139029"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10744217",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10744217"
}
]
}

114
2018/1xxx/CVE-2018-1716.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-25T00:00:00",
"ID" : "CVE-2018-1716",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1716",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "WebSphere Portal",
"version" : {
"version_data" : [
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value" : "7.0"
"version_value": "7.0"
},
{
"version_value" : "8.0"
"version_value": "8.0"
},
{
"version_value" : "8.5"
"version_value": "8.5"
},
{
"version_value" : "9.0"
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"SCORE": "6.100",
"UI": "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729323",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
"name": "1041754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041754"
},
{
"name" : "1041754",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041754"
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729323",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name" : "ibm-websphere-cve20181716-xss(147164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
"name": "ibm-websphere-cve20181716-xss(147164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
]
}