admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:07:02 +00:00
parent 41ea433c8d
commit deb200fe54
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3529 additions and 3529 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2003/0xxx/CVE-2003-0433.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0433",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0433",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code."
"lang": "eng",
"value": "Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "DSA-315",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-315"
"name": "DSA-315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-315"
}
]
}

104
2003/0xxx/CVE-2003-0526.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0526",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0526",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for \"500 Internal Server error\" or (2) 404.htm for \"404 Not Found.\""
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for \"500 Internal Server error\" or (2) 404.htm for \"404 Not Found.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030716 ISA Server - Error Page Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105838862201266&w=2"
"name": "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=105838590030409&w=2"
},
{
"name" : "20030716 ISA Server - Error Page Cross Site Scripting",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html"
"name": "20030716 ISA Server - Error Page Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105838862201266&w=2"
},
{
"name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105838519729525&w=2"
"name": "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html"
},
{
"name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=105838590030409&w=2"
"name": "oval:org.mitre.oval:def:117",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117"
},
{
"name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html"
"name": "MS03-028",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028"
},
{
"name" : "http://pivx.com/larholm/adv/TL006",
"refsource" : "MISC",
"url" : "http://pivx.com/larholm/adv/TL006"
"name": "20030716 ISA Server - Error Page Cross Site Scripting",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html"
},
{
"name" : "MS03-028",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028"
"name": "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105838519729525&w=2"
},
{
"name" : "oval:org.mitre.oval:def:117",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117"
"name": "http://pivx.com/larholm/adv/TL006",
"refsource": "MISC",
"url": "http://pivx.com/larholm/adv/TL006"
}
]
}

62
2003/0xxx/CVE-2003-0585.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0585",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0585",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters."
"lang": "eng",
"value": "SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2"
"name": "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105845898003616&w=2"
}
]
}

74
2003/0xxx/CVE-2003-0804.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0804",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0804",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests."
"lang": "eng",
"value": "The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "FreeBSD-SA-03:14",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc"
"name": "20040502-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=61798"
"name": "FreeBSD-SA-03:14",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc"
},
{
"name" : "20040502-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc"
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
]
}

74
2003/1xxx/CVE-2003-1332.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1332",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1332",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201."
"lang": "eng",
"value": "Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html"
"name": "RHSA-2003:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-096.html"
},
{
"name" : "RHSA-2003:096",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html"
"name": "http://www.securiteam.com/exploits/5TP0M2AAKS.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5TP0M2AAKS.html"
},
{
"name" : "samba-reply-nttrans-bo(12749)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12749"
"name": "samba-reply-nttrans-bo(12749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12749"
}
]
}

110
2004/0xxx/CVE-2004-0412.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0412",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0412",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server."
"lang": "eng",
"value": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5",
"refsource" : "MLIST",
"url" : "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html"
"name": "10412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10412"
},
{
"name" : "CLA-2004:842",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842"
"name": "GLSA-200406-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-04.xml"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559"
"name": "11701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11701"
},
{
"name" : "FEDORA-2004-1734",
"refsource" : "FEDORA",
"url" : "http://marc.info/?l=bugtraq&m=109034869927955&w=2"
"name": "mailman-obtain-password(16256)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256"
},
{
"name" : "GLSA-200406-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200406-04.xml"
"name": "MDKSA-2004:051",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051"
},
{
"name" : "MDKSA-2004:051",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051"
"name": "FEDORA-2004-1734",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq&m=109034869927955&w=2"
},
{
"name" : "10412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10412"
"name": "CLA-2004:842",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842"
},
{
"name" : "11701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11701"
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559"
},
{
"name" : "mailman-obtain-password(16256)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256"
"name": "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html"
}
]
}

86
2004/0xxx/CVE-2004-0881.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0881",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0881",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
"lang": "eng",
"value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040919 Local root compromise possible with getmail",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109571883130372&w=2"
"name": "20040919 Local root compromise possible with getmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109571883130372&w=2"
},
{
"name" : "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
"name": "DSA-553",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-553"
},
{
"name" : "DSA-553",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-553"
"name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
},
{
"name" : "GLSA-200409-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200409-32.xml"
"name": "GLSA-200409-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
},
{
"name" : "getmail-maildir-race-condition(17439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
"name": "getmail-maildir-race-condition(17439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
}
]
}

170
2004/1xxx/CVE-2004-1071.json
View File

@ -1,151 +1,151 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1071",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1071",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code."
"lang": "eng",
"value": "The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt",
"refsource" : "MISC",
"url" : "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt"
"name": "20163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20163"
},
{
"name" : "DSA-1070",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1070"
"name": "DSA-1082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1082"
},
{
"name" : "DSA-1067",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1067"
"name": "MDKSA-2005:022",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
},
{
"name" : "DSA-1069",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1069"
"name": "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt",
"refsource": "MISC",
"url": "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt"
},
{
"name" : "DSA-1082",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1082"
"name": "FLSA:2336",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
},
{
"name" : "FLSA:2336",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
"name": "19607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19607"
},
{
"name" : "MDKSA-2005:022",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
"name": "DSA-1070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1070"
},
{
"name" : "RHSA-2004:537",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-537.html"
"name": "RHSA-2004:537",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
},
{
"name" : "RHSA-2004:504",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html"
"name": "20162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20162"
},
{
"name" : "RHSA-2004:505",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html"
"name": "linux-elf-setuid-gain-privileges(18025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18025"
},
{
"name" : "20060402-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
"name": "DSA-1067",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1067"
},
{
"name" : "11646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11646"
"name": "11646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11646"
},
{
"name" : "oval:org.mitre.oval:def:9917",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9917"
"name": "DSA-1069",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1069"
},
{
"name" : "20162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20162"
"name": "20060402-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
},
{
"name" : "20163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20163"
"name": "RHSA-2004:505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
},
{
"name" : "20202",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20202"
"name": "20202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20202"
},
{
"name" : "20338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20338"
"name": "RHSA-2004:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name" : "19607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19607"
"name": "oval:org.mitre.oval:def:9917",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9917"
},
{
"name" : "linux-elf-setuid-gain-privileges(18025)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18025"
"name": "20338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20338"
}
]
}

74
2004/1xxx/CVE-2004-1148.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1148",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1148",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter."
"lang": "eng",
"value": "phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20041213 Multiple vulnerabilities in phpMyAdmin",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110295781828323&w=2"
"name": "phpmyadmin-command-execute(18441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18441"
},
{
"name" : "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html",
"refsource" : "MISC",
"url" : "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html"
"name": "20041213 Multiple vulnerabilities in phpMyAdmin",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110295781828323&w=2"
},
{
"name" : "phpmyadmin-command-execute(18441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18441"
"name": "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html",
"refsource": "MISC",
"url": "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html"
}
]
}

80
2004/2xxx/CVE-2004-2306.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2306",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2306",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection."
"lang": "eng",
"value": "Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "57483",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57483-1"
"name": "13724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13724"
},
{
"name" : "O-070",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-070.shtml"
"name": "solaris-bsm-sunwscpu-weak-security(15042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15042"
},
{
"name" : "13724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13724"
"name": "O-070",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-070.shtml"
},
{
"name" : "solaris-bsm-sunwscpu-weak-security(15042)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15042"
"name": "57483",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57483-1"
}
]
}

74
2004/2xxx/CVE-2004-2316.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1."
"lang": "eng",
"value": "Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "9494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9494"
"name": "9494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9494"
},
{
"name" : "10710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10710/"
"name": "10710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10710/"
},
{
"name" : "mbedthis-multiple-dos(14926)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14926"
"name": "mbedthis-multiple-dos(14926)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14926"
}
]
}

116
2004/2xxx/CVE-2004-2660.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2660",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2660",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests."
"lang": "eng",
"value": "Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA",
"refsource" : "CONFIRM",
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA"
"name": "oval:org.mitre.oval:def:10165",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10165"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10"
"name": "RHSA-2006:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
"name": "21605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21605"
},
{
"name" : "DSA-1184",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1184"
"name": "22174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22174"
},
{
"name" : "RHSA-2006:0617",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
"name": "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA"
},
{
"name" : "19665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19665"
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10"
},
{
"name" : "oval:org.mitre.oval:def:10165",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10165"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name" : "21605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21605"
"name": "19665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19665"
},
{
"name" : "22093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22093"
"name": "22093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22093"
},
{
"name" : "22174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22174"
"name": "DSA-1184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1184"
}
]
}

80
2008/2xxx/CVE-2008-2197.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2197",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2197",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php."
"lang": "eng",
"value": "SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5548",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5548"
"name": "blogwriter-historymonth-sql-injection(42220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42220"
},
{
"name" : "29061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29061"
"name": "30085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30085"
},
{
"name" : "30085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30085"
"name": "29061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29061"
},
{
"name" : "blogwriter-historymonth-sql-injection(42220)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42220"
"name": "5548",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5548"
}
]
}

110
2008/2xxx/CVE-2008-2615.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2615",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2615",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622."
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name": "ADV-2008-2115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name": "SSRT061201",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "ADV-2008-2115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2115"
"name": "1020497",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020497"
},
{
"name" : "ADV-2008-2109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2109/references"
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "1020497",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020497"
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name" : "31113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31113"
"name": "oracle-peoplesoft-peoptools-priv-escalation1(43816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43816"
},
{
"name" : "31087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31087"
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name" : "oracle-peoplesoft-peoptools-priv-escalation1(43816)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43816"
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
}
]
}

314
2008/2xxx/CVE-2008-2726.json
View File

@ -1,271 +1,271 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2726",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2726",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
"lang": "eng",
"value": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080626 rPSA-2008-0206-1 ruby",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
"refsource" : "MISC",
"url" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
"name": "http://support.apple.com/kb/HT2163",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2163"
},
{
"name" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
"refsource" : "MISC",
"url" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
"name": "31090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31090"
},
{
"name" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
"name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
"refsource": "MISC",
"url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
},
{
"name" : "http://www.ruby-forum.com/topic/157034",
"refsource" : "MISC",
"url" : "http://www.ruby-forum.com/topic/157034"
"name": "MDVSA-2008:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
},
{
"name" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
"refsource" : "MISC",
"url" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
"name": "30875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30875"
},
{
"name" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
"name": "ADV-2008-1981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name" : "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216",
"refsource" : "MLIST",
"url" : "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"
"name": "ruby-rbarysplice-begrlen-code-execution(43351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"
"name": "ADV-2008-1907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1907/references"
},
{
"name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460",
"refsource" : "CONFIRM",
"url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460"
"name": "DSA-1618",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1618"
},
{
"name" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name" : "http://support.apple.com/kb/HT2163",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT2163"
"name": "30894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30894"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
"name": "31062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31062"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2626",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2626"
"name": "31256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31256"
},
{
"name" : "APPLE-SA-2008-06-30",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
"name": "20080626 rPSA-2008-0206-1 ruby",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
},
{
"name" : "DSA-1612",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1612"
"name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
},
{
"name" : "DSA-1618",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1618"
"name": "SSA:2008-179-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
},
{
"name" : "FEDORA-2008-5649",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
"name": "APPLE-SA-2008-06-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name" : "GLSA-200812-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml"
"name": "1020347",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020347"
},
{
"name" : "MDVSA-2008:140",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
"name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
"refsource": "MISC",
"url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
},
{
"name" : "MDVSA-2008:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
"name": "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216",
"refsource": "MLIST",
"url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"
},
{
"name" : "MDVSA-2008:142",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
},
{
"name" : "RHSA-2008:0561",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
"name": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"
},
{
"name" : "SSA:2008-179-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
"name": "FEDORA-2008-5649",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
},
{
"name" : "SUSE-SR:2008:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name": "MDVSA-2008:140",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
},
{
"name" : "USN-621-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-621-1"
"name": "30802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30802"
},
{
"name" : "29903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29903"
"name": "30831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30831"
},
{
"name" : "oval:org.mitre.oval:def:9959",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959"
"name": "oval:org.mitre.oval:def:9959",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959"
},
{
"name" : "ADV-2008-1907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1907/references"
"name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460",
"refsource": "CONFIRM",
"url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460"
},
{
"name" : "ADV-2008-1981",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1981/references"
"name": "RHSA-2008:0561",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
},
{
"name" : "1020347",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020347"
"name": "https://issues.rpath.com/browse/RPL-2626",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2626"
},
{
"name" : "30831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30831"
"name": "DSA-1612",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1612"
},
{
"name" : "30802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30802"
"name": "GLSA-200812-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name" : "31062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31062"
"name": "33178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33178"
},
{
"name" : "31090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31090"
"name": "29903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29903"
},
{
"name" : "31181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31181"
"name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
},
{
"name" : "31256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31256"
"name": "30867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30867"
},
{
"name" : "31687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31687"
"name": "MDVSA-2008:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
},
{
"name" : "30867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30867"
"name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
},
{
"name" : "30875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30875"
"name": "http://www.ruby-forum.com/topic/157034",
"refsource": "MISC",
"url": "http://www.ruby-forum.com/topic/157034"
},
{
"name" : "30894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30894"
"name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
"refsource": "MISC",
"url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
},
{
"name" : "33178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33178"
"name": "USN-621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-621-1"
},
{
"name" : "ruby-rbarysplice-begrlen-code-execution(43351)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351"
"name": "31181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31181"
}
]
}

74
2008/6xxx/CVE-2008-6056.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6056",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6056",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081215 Multiple XSS Vulnerabilities in World Recipe 2.11",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499217/100/0/threaded"
"name": "32837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32837"
},
{
"name" : "32837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32837"
"name": "20081215 Multiple XSS Vulnerabilities in World Recipe 2.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499217/100/0/threaded"
},
{
"name" : "worldrecipe-multiple-xss(47366)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47366"
"name": "worldrecipe-multiple-xss(47366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47366"
}
]
}

104
2008/6xxx/CVE-2008-6927.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6927",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6927",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
"name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498519"
"name": "6897",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6897"
},
{
"name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498526"
"name": "49518",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49518"
},
{
"name" : "6897",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6897"
"name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"name" : "http://www.netenberg.com/forum/index.php?topic=6832",
"refsource" : "MISC",
"url" : "http://www.netenberg.com/forum/index.php?topic=6832"
"name": "32423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32423"
},
{
"name" : "49518",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/49518"
"name": "http://www.netenberg.com/forum/index.php?topic=6832",
"refsource": "MISC",
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"name" : "32423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32423"
"name": "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
},
{
"name" : "cpanel-autoinstall-xss(46253)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253"
"name": "cpanel-autoinstall-xss(46253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253"
}
]
}

86
2012/1xxx/CVE-2012-1698.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1698",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1698",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
"name": "53128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53128"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "53128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53128"
"name": "1026940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026940"
},
{
"name" : "1026940",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026940"
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "48809",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48809"
"name": "48809",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48809"
}
]
}

98
2012/1xxx/CVE-2012-1726.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1726",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1726",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name": "SUSE-SU-2012:1231",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
},
{
"name" : "HPSBUX02805",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
"name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
},
{
"name" : "SSRT100919",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
"name": "SSRT100919",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name" : "SUSE-SU-2012:1231",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
"name": "oval:org.mitre.oval:def:16699",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16699"
},
{
"name" : "53948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53948"
"name": "53948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53948"
},
{
"name" : "oval:org.mitre.oval:def:16699",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16699"
"name": "HPSBUX02805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
}
]
}

74
2012/1xxx/CVE-2012-1838.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1838",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1838",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page."
"lang": "eng",
"value": "The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#523027",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/523027"
"name": "VU#523027",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/523027"
},
{
"name" : "80370",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80370"
"name": "80370",
"refsource": "OSVDB",
"url": "http://osvdb.org/80370"
},
{
"name" : "lgnortel-switch-info-disclosure(74237)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74237"
"name": "lgnortel-switch-info-disclosure(74237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74237"
}
]
}

116
2012/5xxx/CVE-2012-5629.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5629",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5629",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."
"lang": "eng",
"value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569",
"refsource" : "MISC",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"
"name": "RHSA-2013:0234",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"
},
{
"name" : "RHSA-2013:0229",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0229.html"
"name": "RHSA-2013:0586",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"
},
{
"name" : "RHSA-2013:0230",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0230.html"
"name": "RHSA-2013:0248",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"
},
{
"name" : "RHSA-2013:0231",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0231.html"
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"
},
{
"name" : "RHSA-2013:0232",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0232.html"
"name": "RHSA-2013:0229",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"
},
{
"name" : "RHSA-2013:0233",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0233.html"
"name": "RHSA-2013:0230",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"
},
{
"name" : "RHSA-2013:0234",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0234.html"
"name": "RHSA-2013:0232",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"
},
{
"name" : "RHSA-2013:0248",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0248.html"
"name": "RHSA-2013:0533",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
},
{
"name" : "RHSA-2013:0586",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0586.html"
"name": "RHSA-2013:0231",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"
},
{
"name" : "RHSA-2013:0533",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
"name": "RHSA-2013:0233",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"
}
]
}

22
2012/5xxx/CVE-2012-5848.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5848",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-5848",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}

98
2012/5xxx/CVE-2012-5876.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5876",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5876",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow."
"lang": "eng",
"value": "Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130109 Nero MediaHome Multiple Remote DoS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html"
"name": "mediahome-nmmediaserver-dos(81103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81103"
},
{
"name" : "24022",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/24022"
"name": "89150",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/89150"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23130",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23130"
"name": "57253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57253"
},
{
"name" : "57253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57253"
"name": "20130109 Nero MediaHome Multiple Remote DoS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html"
},
{
"name" : "89149",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89149"
"name": "89149",
"refsource": "OSVDB",
"url": "http://osvdb.org/89149"
},
{
"name" : "89150",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/89150"
"name": "https://www.htbridge.com/advisory/HTB23130",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23130"
},
{
"name" : "mediahome-nmmediaserver-dos(81103)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81103"
"name": "24022",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24022"
}
]
}

64
2017/11xxx/CVE-2017-11091.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-11-01T00:00:00",
"ID" : "CVE-2017-11091",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-11-01T00:00:00",
"ID": "CVE-2017-11091",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early."
"lang": "eng",
"value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use After Free in Display"
"lang": "eng",
"value": "Use After Free in Display"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}

62
2017/11xxx/CVE-2017-11105.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11105",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11105",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation."
"lang": "eng",
"value": "The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://alephsecurity.com/vulns/aleph-2017026",
"refsource" : "MISC",
"url" : "https://alephsecurity.com/vulns/aleph-2017026"
"name": "https://alephsecurity.com/vulns/aleph-2017026",
"refsource": "MISC",
"url": "https://alephsecurity.com/vulns/aleph-2017026"
}
]
}

62
2017/11xxx/CVE-2017-11307.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-11307",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-11307",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : {
"version_data" : [
"product_name": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version": {
"version_data": [
{
"version_value" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
"version_value": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
}
]
}

22
2017/15xxx/CVE-2017-15521.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15521",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15521",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

82
2017/3xxx/CVE-2017-3119.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-3119",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-3119",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value" : "2017.009.20058 and earlier"
"version_value": "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
"version_value": "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
"version_value": "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Memory Corruption"
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "100179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100179"
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
"name": "100179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100179"
}
]
}

78
2017/3xxx/CVE-2017-3156.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-02-20T00:00:00",
"ID" : "CVE-2017-3156",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-02-20T00:00:00",
"ID": "CVE-2017-3156",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache CXF",
"version" : {
"version_data" : [
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_value" : "prior to 3.0.13"
"version_value": "prior to 3.0.13"
},
{
"version_value" : "3.1.x prior to 3.1.10"
"version_value": "3.1.x prior to 3.1.10"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks."
"lang": "eng",
"value": "The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Timing attack"
"lang": "eng",
"value": "Timing attack"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
"refsource" : "CONFIRM",
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
"name": "96398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96398"
},
{
"name" : "RHSA-2017:1832",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1832"
"name": "RHSA-2017:1832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name" : "96398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96398"
"name": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
}
]
}

80
2017/3xxx/CVE-2017-3538.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3538",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3538",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Oracle VM VirtualBox",
"version" : {
"version_data" : [
"product_name": "Oracle VM VirtualBox",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "5.0.34"
"version_affected": "<",
"version_value": "5.0.34"
},
{
"version_affected" : "<",
"version_value" : "5.1.16"
"version_affected": "<",
"version_value": "5.1.16"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97698"
"name": "1038288",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038288"
},
{
"name" : "1038288",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038288"
"name": "97698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97698"
}
]
}

74
2017/8xxx/CVE-2017-8550.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8550",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8550",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Skype for Business",
"version" : {
"version_data" : [
"product_name": "Skype for Business",
"version": {
"version_data": [
{
"version_value" : "Microsoft Office 2016 Click-to-Run (C2R)"
"version_value": "Microsoft Office 2016 Click-to-Run (C2R)"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka \"Skype for Business Remote Code Execution Vulnerability\"."
"lang": "eng",
"value": "A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka \"Skype for Business Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42316",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42316/"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550"
"name": "42316",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42316/"
},
{
"name" : "98916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98916"
"name": "98916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98916"
}
]
}

70
2017/8xxx/CVE-2017-8617.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8617",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8617",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows 10 1703",
"version" : {
"version_data" : [
"product_name": "Windows 10 1703",
"version": {
"version_data": [
{
"version_value" : "Microsoft Edge"
"version_value": "Microsoft Edge"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability.\""
"lang": "eng",
"value": "Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617"
"name": "99422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99422"
},
{
"name" : "99422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99422"
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617"
}
]
}

70
2017/8xxx/CVE-2017-8658.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-10T00:00:00",
"ID" : "CVE-2017-8658",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-8658",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value" : "ChakraCore V1.7.1"
"version_value": "ChakraCore V1.7.1"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
"name": "100036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100036"
},
{
"name" : "100036",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100036"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
}
]
}

62
2017/8xxx/CVE-2017-8773.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8773",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8773",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation."
"lang": "eng",
"value": "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/",
"refsource" : "MISC",
"url" : "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/"
"name": "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/",
"refsource": "MISC",
"url": "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/"
}
]
}

70
2017/8xxx/CVE-2017-8957.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-07-22T00:00:00",
"ID" : "CVE-2017-8957",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-07-22T00:00:00",
"ID": "CVE-2017-8957",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value" : "PLAT 7.2"
"version_value": "PLAT 7.2"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found."
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us"
"name": "99925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99925"
},
{
"name" : "99925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99925"
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us"
}
]
}

62
2018/10xxx/CVE-2018-10404.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10404",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10404",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute."
"lang": "eng",
"value": "An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource" : "MISC",
"url" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
"name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
"refsource": "MISC",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
}
]
}

118
2018/10xxx/CVE-2018-10897.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-10897",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10897",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "yum-utils:",
"version" : {
"version_data" : [
"product_name": "yum-utils:",
"version": {
"version_data": [
{
"version_value" : "1.1.31"
"version_value": "1.1.31"
}
]
}
}
]
},
"vendor_name" : "The RPM Project"
"vendor_name": "The RPM Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
"lang": "eng",
"value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
"vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-59"
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
"name": "1041594",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041594"
},
{
"name" : "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c",
"refsource" : "CONFIRM",
"url" : "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
"name": "RHSA-2018:2285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2285"
},
{
"name" : "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c",
"refsource" : "CONFIRM",
"url" : "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
"name": "RHSA-2018:2284",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2284"
},
{
"name" : "https://github.com/rpm-software-management/yum-utils/pull/43",
"refsource" : "CONFIRM",
"url" : "https://github.com/rpm-software-management/yum-utils/pull/43"
"name": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "RHSA-2018:2626",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2626"
},
{
"name" : "RHSA-2018:2284",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2284"
"name": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
},
{
"name" : "RHSA-2018:2285",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2285"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
},
{
"name" : "RHSA-2018:2626",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2626"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "1041594",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041594"
"name": "https://github.com/rpm-software-management/yum-utils/pull/43",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/yum-utils/pull/43"
}
]
}

64
2018/12xxx/CVE-2018-12203.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-12203",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-12203",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Intel Platform Sample / Silicon Reference firmware",
"version" : {
"version_data" : [
"product_name": "Intel Platform Sample / Silicon Reference firmware",
"version": {
"version_data": [
{
"version_value" : "Multiple versions."
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access."
"lang": "eng",
"value": "Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Escalation of privilege"
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
}
]
}

62
2018/12xxx/CVE-2018-12498.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12498",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12498",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php."
"lang": "eng",
"value": "spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/idreamsoft/iCMS/issues/26",
"refsource" : "MISC",
"url" : "https://github.com/idreamsoft/iCMS/issues/26"
"name": "https://github.com/idreamsoft/iCMS/issues/26",
"refsource": "MISC",
"url": "https://github.com/idreamsoft/iCMS/issues/26"
}
]
}

68
2018/12xxx/CVE-2018-12815.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12815",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12815",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : {
"version_data" : [
"product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version": {
"version_data": [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
"version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
"lang": "eng",
"value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use-after-free"
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name" : "105536",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105536"
"name": "105536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105536"
}
]
}

22
2018/13xxx/CVE-2018-13148.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13148",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13148",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/13xxx/CVE-2018-13459.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13459",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13459",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/13xxx/CVE-2018-13632.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13632",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13632",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA"
}
]
}

70
2018/13xxx/CVE-2018-13820.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vuln@ca.com",
"DATE_PUBLIC" : "2018-08-29T00:00:00",
"ID" : "CVE-2018-13820",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC": "2018-08-29T00:00:00",
"ID": "CVE-2018-13820",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Unified Infrastructure Management",
"version" : {
"version_data" : [
"product_name": "Unified Infrastructure Management",
"version": {
"version_data": [
{
"version_value" : "8.5.1, 8.5, 8.4.7"
"version_value": "8.5.1, 8.5, 8.4.7"
}
]
}
}
]
},
"vendor_name" : "CA Technologies"
"vendor_name": "CA Technologies"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
"lang": "eng",
"value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use of Hard-coded Password"
"lang": "eng",
"value": "Use of Hard-coded Password"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
"name": "105199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105199"
},
{
"name" : "105199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105199"
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
}
]
}

22
2018/17xxx/CVE-2018-17339.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17339",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17339",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/17xxx/CVE-2018-17561.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17561",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17561",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/17xxx/CVE-2018-17846.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17846",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17846",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification."
"lang": "eng",
"value": "The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/golang/go/issues/27842",
"refsource" : "MISC",
"url" : "https://github.com/golang/go/issues/27842"
"name": "https://github.com/golang/go/issues/27842",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/27842"
}
]
}

22
2018/17xxx/CVE-2018-17862.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17862",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17862",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2018/17xxx/CVE-2018-17872.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17872",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17872",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions."
"lang": "eng",
"value": "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/13"
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
},
{
"name" : "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
"name": "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/13"
},
{
"name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt",
"refsource" : "MISC",
"url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
"name": "https://releases.verba.com/?v=9.2",
"refsource": "CONFIRM",
"url": "https://releases.verba.com/?v=9.2"
},
{
"name" : "https://releases.verba.com/?v=9.2",
"refsource" : "CONFIRM",
"url" : "https://releases.verba.com/?v=9.2"
"name": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
}
]
}