admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:01:50 +00:00
parent 32d3489c2a
commit e0d36c4c17
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4517 additions and 4517 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2004/0xxx/CVE-2004-0716.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "A072204-1",
"refsource" : "ATSTAKE",
"url" : "http://www.atstake.com/research/advisories/2004/a072204-1.txt"
},
{
"name" : "http://support.entegrity.com/private/patches/dce/ssrt4741.asp",
"refsource" : "CONFIRM",
"url" : "http://support.entegrity.com/private/patches/dce/ssrt4741.asp"
},
{
"name" : "VU#259796",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/259796"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.entegrity.com/private/patches/dce/ssrt4741.asp",
"refsource": "CONFIRM",
"url": "http://support.entegrity.com/private/patches/dce/ssrt4741.asp"
},
{
"name": "VU#259796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/259796"
},
{
"name": "A072204-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2004/a072204-1.txt"
}
]
}
}

190
2004/0xxx/CVE-2004-0721.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "oval:org.mitre.oval:def:11371",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11371"
},
{
"name" : "11978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11978"
},
{
"name" : "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
"refsource" : "MISC",
"url" : "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
},
{
"name" : "20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109225538901170&w=2"
},
{
"name" : "http://www.kde.org/info/security/advisory-20040811-3.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20040811-3.txt"
},
{
"name" : "CLA-2004:864",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864"
},
{
"name" : "200408-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200408-13.xml"
},
{
"name" : "http-frame-spoof(1598)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http-frame-spoof(1598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"name": "CLA-2004:864",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864"
},
{
"name": "11978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11978"
},
{
"name": "oval:org.mitre.oval:def:11371",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11371"
},
{
"name": "http://www.kde.org/info/security/advisory-20040811-3.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20040811-3.txt"
},
{
"name": "200408-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200408-13.xml"
},
{
"name": "20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109225538901170&w=2"
},
{
"name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
"refsource": "MISC",
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
}
]
}
}

320
2004/0xxx/CVE-2004-0949.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110072140811965&w=2"
},
{
"name" : "http://security.e-matters.de/advisories/142004.html",
"refsource" : "MISC",
"url" : "http://security.e-matters.de/advisories/142004.html"
},
{
"name" : "DSA-1070",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1070"
},
{
"name" : "DSA-1067",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1067"
},
{
"name" : "DSA-1069",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1069"
},
{
"name" : "DSA-1082",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1082"
},
{
"name" : "FLSA:2336",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
},
{
"name" : "MDKSA-2005:022",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
},
{
"name" : "RHSA-2004:537",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-537.html"
},
{
"name" : "RHSA-2004:504",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name" : "RHSA-2004:505",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html"
},
{
"name" : "2004-0061",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0061/"
},
{
"name" : "USN-30-1",
"refsource" : "UBUNTU",
"url" : "https://www.ubuntu.com/usn/usn-30-1/"
},
{
"name" : "oval:org.mitre.oval:def:10360",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10360"
},
{
"name" : "20162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20162"
},
{
"name" : "20163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20163"
},
{
"name" : "20202",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20202"
},
{
"name" : "20338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20338"
},
{
"name" : "linux-smbrecvtrans2-memory-leak(18137)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18137"
},
{
"name" : "11695",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11695"
},
{
"name" : "13232",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13232/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20163"
},
{
"name": "11695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11695"
},
{
"name": "DSA-1082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1082"
},
{
"name": "MDKSA-2005:022",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
},
{
"name": "20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110072140811965&w=2"
},
{
"name": "FLSA:2336",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
},
{
"name": "oval:org.mitre.oval:def:10360",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10360"
},
{
"name": "USN-30-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-30-1/"
},
{
"name": "http://security.e-matters.de/advisories/142004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/142004.html"
},
{
"name": "DSA-1070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1070"
},
{
"name": "RHSA-2004:537",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
},
{
"name": "20162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20162"
},
{
"name": "linux-smbrecvtrans2-memory-leak(18137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18137"
},
{
"name": "DSA-1067",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1067"
},
{
"name": "DSA-1069",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1069"
},
{
"name": "2004-0061",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0061/"
},
{
"name": "RHSA-2004:505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
},
{
"name": "20202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20202"
},
{
"name": "RHSA-2004:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name": "13232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13232/"
},
{
"name": "20338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20338"
}
]
}
}

130
2004/1xxx/CVE-2004-1294.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/tnftp.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/tnftp.txt"
},
{
"name" : "tnftp-mget-cmds-file-overwrite(18560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tnftp-mget-cmds-file-overwrite(18560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18560"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/tnftp.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/tnftp.txt"
}
]
}
}

160
2004/1xxx/CVE-2004-1554.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040926 @lex Guestbook (PHP) Include file",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109635806703748&w=2"
},
{
"name" : "http://packetstormsecurity.nl/0410-exploits/alexPHP.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.nl/0410-exploits/alexPHP.txt"
},
{
"name" : "11260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11260"
},
{
"name" : "1011432",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011432"
},
{
"name" : "@lex-guestbook-file-include(17516)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11260"
},
{
"name": "@lex-guestbook-file-include(17516)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17516"
},
{
"name": "1011432",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011432"
},
{
"name": "http://packetstormsecurity.nl/0410-exploits/alexPHP.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0410-exploits/alexPHP.txt"
},
{
"name": "20040926 @lex Guestbook (PHP) Include file",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109635806703748&w=2"
}
]
}
}

160
2004/1xxx/CVE-2004-1570.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041001 SQL Injection vulnerability in bBlog 0.7.3",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109665351632048&w=2"
},
{
"name" : "http://www.servers.co.nz/security/SCN200409-1.php",
"refsource" : "MISC",
"url" : "http://www.servers.co.nz/security/SCN200409-1.php"
},
{
"name" : "11303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11303"
},
{
"name" : "12691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12691"
},
{
"name" : "bblog-array-sql-injection(17552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041001 SQL Injection vulnerability in bBlog 0.7.3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109665351632048&w=2"
},
{
"name": "12691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12691"
},
{
"name": "11303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11303"
},
{
"name": "http://www.servers.co.nz/security/SCN200409-1.php",
"refsource": "MISC",
"url": "http://www.servers.co.nz/security/SCN200409-1.php"
},
{
"name": "bblog-array-sql-injection(17552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17552"
}
]
}
}

150
2004/1xxx/CVE-2004-1653.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040831 SSHD / AnonCVS Nastyness",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109413637313484&w=2"
},
{
"name" : "9562",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9562"
},
{
"name" : "1011143",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011143"
},
{
"name" : "openssh-port-bounce(17213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040831 SSHD / AnonCVS Nastyness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109413637313484&w=2"
},
{
"name": "openssh-port-bounce(17213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17213"
},
{
"name": "1011143",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011143"
},
{
"name": "9562",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9562"
}
]
}
}

740
2008/2xxx/CVE-2008-2809.json
View File

@ -1,372 +1,372 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
},
{
"name" : "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
},
{
"name" : "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
},
{
"name" : "20080708 rPSA-2008-0216-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
},
{
"name" : "http://nils.toedtmann.net/pub/subjectAltName.txt",
"refsource" : "MISC",
"url" : "http://nils.toedtmann.net/pub/subjectAltName.txt"
},
{
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=240261",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=327181",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=402347",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2646",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2646"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
},
{
"name" : "DSA-1607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1607"
},
{
"name" : "DSA-1615",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1615"
},
{
"name" : "DSA-1621",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1621"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "FEDORA-2008-6127",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
},
{
"name" : "FEDORA-2008-6193",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
},
{
"name" : "FEDORA-2008-6196",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name" : "FEDORA-2008-6706",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
},
{
"name" : "FEDORA-2008-6737",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
},
{
"name" : "GLSA-200808-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name" : "MDVSA-2008:136",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
},
{
"name" : "MDVSA-2008:155",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
},
{
"name" : "RHSA-2008:0547",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
},
{
"name" : "RHSA-2008:0549",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
},
{
"name" : "RHSA-2008:0569",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
},
{
"name" : "RHSA-2008:0616",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name" : "SSA:2008-191-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
},
{
"name" : "SSA:2008-210-05",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"
},
{
"name" : "SSA:2008-191",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
},
{
"name" : "256408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name" : "SUSE-SA:2008:034",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
},
{
"name" : "USN-619-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-619-1"
},
{
"name" : "USN-629-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-629-1"
},
{
"name" : "30038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30038"
},
{
"name" : "oval:org.mitre.oval:def:10205",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
},
{
"name" : "34501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34501"
},
{
"name" : "31076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31076"
},
{
"name" : "ADV-2008-1993",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1993/references"
},
{
"name" : "1018979",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018979"
},
{
"name" : "1020419",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020419"
},
{
"name" : "30911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30911"
},
{
"name" : "30878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30878"
},
{
"name" : "30898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30898"
},
{
"name" : "30903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30903"
},
{
"name" : "30949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30949"
},
{
"name" : "31005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31005"
},
{
"name" : "31008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31008"
},
{
"name" : "31069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31069"
},
{
"name" : "31023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31023"
},
{
"name" : "31183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31183"
},
{
"name" : "31195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31195"
},
{
"name" : "31220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31220"
},
{
"name" : "31253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31253"
},
{
"name" : "31377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31377"
},
{
"name" : "31286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31286"
},
{
"name" : "31403",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31403"
},
{
"name" : "31021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31021"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
},
{
"name" : "3498",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3498"
},
{
"name" : "ADV-2009-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name" : "mozilla-altnames-spoofing(43524)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2008:034",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
},
{
"name": "RHSA-2008:0549",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "31021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31021"
},
{
"name": "30898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30898"
},
{
"name": "31403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31403"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
},
{
"name": "https://issues.rpath.com/browse/RPL-2646",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2646"
},
{
"name": "30949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30949"
},
{
"name": "SSA:2008-191-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31069"
},
{
"name": "31008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31008"
},
{
"name": "31377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31377"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
},
{
"name": "RHSA-2008:0616",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name": "3498",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3498"
},
{
"name": "ADV-2008-1993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1993/references"
},
{
"name": "31023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31023"
},
{
"name": "MDVSA-2008:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
},
{
"name": "30038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30038"
},
{
"name": "DSA-1607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1607"
},
{
"name": "GLSA-200808-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "31005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31005"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "FEDORA-2008-6127",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
},
{
"name": "1020419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020419"
},
{
"name": "31253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31253"
},
{
"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
},
{
"name": "FEDORA-2008-6737",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
},
{
"name": "31183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31183"
},
{
"name": "30903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30903"
},
{
"name": "RHSA-2008:0547",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
},
{
"name": "FEDORA-2008-6193",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
},
{
"name": "USN-629-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-629-1"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
},
{
"name": "SSA:2008-191",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
},
{
"name": "SSA:2008-210-05",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"
},
{
"name": "DSA-1615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
},
{
"name": "FEDORA-2008-6706",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
},
{
"name": "31220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31220"
},
{
"name": "31195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31195"
},
{
"name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
},
{
"name": "oval:org.mitre.oval:def:10205",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
},
{
"name": "31076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31076"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
},
{
"name": "USN-619-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-619-1"
},
{
"name": "30911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30911"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
},
{
"name": "RHSA-2008:0569",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
},
{
"name": "30878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30878"
},
{
"name": "DSA-1621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1621"
},
{
"name": "20080708 rPSA-2008-0216-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
},
{
"name": "1018979",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018979"
},
{
"name": "http://nils.toedtmann.net/pub/subjectAltName.txt",
"refsource": "MISC",
"url": "http://nils.toedtmann.net/pub/subjectAltName.txt"
},
{
"name": "mozilla-altnames-spoofing(43524)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
},
{
"name": "31286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31286"
},
{
"name": "FEDORA-2008-6196",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "MDVSA-2008:136",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
}
]
}
}

150
2008/2xxx/CVE-2008-2994.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080610 PHPEasyData 1.5.4 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493273/100/0/threaded"
},
{
"name" : "29659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29659"
},
{
"name" : "3969",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3969"
},
{
"name" : "phpeasydata-lastrecords-annuaire-xss(42997)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080610 PHPEasyData 1.5.4 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493273/100/0/threaded"
},
{
"name": "phpeasydata-lastrecords-annuaire-xss(42997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42997"
},
{
"name": "3969",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3969"
},
{
"name": "29659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29659"
}
]
}
}

170
2008/3xxx/CVE-2008-3297.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080722 Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494638/100/0/threaded"
},
{
"name" : "http://www.socialengine.net/news.php",
"refsource" : "CONFIRM",
"url" : "http://www.socialengine.net/news.php"
},
{
"name" : "30342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30342"
},
{
"name" : "31203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31203"
},
{
"name" : "4035",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4035"
},
{
"name" : "socialengine-cookie-sql-injection(43958)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080722 Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494638/100/0/threaded"
},
{
"name": "socialengine-cookie-sql-injection(43958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43958"
},
{
"name": "http://www.socialengine.net/news.php",
"refsource": "CONFIRM",
"url": "http://www.socialengine.net/news.php"
},
{
"name": "4035",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4035"
},
{
"name": "30342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30342"
},
{
"name": "31203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31203"
}
]
}
}

160
2008/3xxx/CVE-2008-3298.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080722 Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494638/100/0/threaded"
},
{
"name" : "http://www.socialengine.net/news.php",
"refsource" : "CONFIRM",
"url" : "http://www.socialengine.net/news.php"
},
{
"name" : "31203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31203"
},
{
"name" : "4035",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4035"
},
{
"name" : "socialengine-template-code-execution(43959)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "socialengine-template-code-execution(43959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43959"
},
{
"name": "20080722 Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494638/100/0/threaded"
},
{
"name": "http://www.socialengine.net/news.php",
"refsource": "CONFIRM",
"url": "http://www.socialengine.net/news.php"
},
{
"name": "4035",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4035"
},
{
"name": "31203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31203"
}
]
}
}

430
2008/3xxx/CVE-2008-3655.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080831 rPSA-2008-0264-1 ruby",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
},
{
"name" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
},
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "DSA-1651",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1651"
},
{
"name" : "DSA-1652",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1652"
},
{
"name" : "FEDORA-2008-8736",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
},
{
"name" : "FEDORA-2008-8738",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
},
{
"name" : "GLSA-200812-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name" : "RHSA-2008:0895",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
},
{
"name" : "RHSA-2008:0897",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
},
{
"name" : "USN-651-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/651-1/"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "30644",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30644"
},
{
"name" : "oval:org.mitre.oval:def:11602",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
},
{
"name" : "ADV-2008-2334",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2334"
},
{
"name" : "1020656",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020656"
},
{
"name" : "31697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31697"
},
{
"name" : "32255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32255"
},
{
"name" : "32256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32256"
},
{
"name" : "33178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33178"
},
{
"name" : "31430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31430"
},
{
"name" : "32165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32165"
},
{
"name" : "32219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32219"
},
{
"name" : "32371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32371"
},
{
"name" : "32372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32372"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name" : "ruby-safelevel-security-bypass(44369)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31430"
},
{
"name": "1020656",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020656"
},
{
"name": "31697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31697"
},
{
"name": "USN-651-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/651-1/"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
},
{
"name": "DSA-1652",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1652"
},
{
"name": "FEDORA-2008-8736",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
},
{
"name": "oval:org.mitre.oval:def:11602",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
},
{
"name": "DSA-1651",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1651"
},
{
"name": "ruby-safelevel-security-bypass(44369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "RHSA-2008:0895",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
},
{
"name": "30644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30644"
},
{
"name": "RHSA-2008:0897",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
},
{
"name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
},
{
"name": "32219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32219"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "32255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32255"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "20080831 rPSA-2008-0264-1 ruby",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
},
{
"name": "32371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32371"
},
{
"name": "32165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32165"
},
{
"name": "GLSA-200812-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name": "33178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33178"
},
{
"name": "ADV-2008-2334",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2334"
},
{
"name": "32372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32372"
},
{
"name": "FEDORA-2008-8738",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
},
{
"name": "32256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32256"
}
]
}
}

140
2008/3xxx/CVE-2008-3941.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080902 Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=122039853426550&w=2"
},
{
"name" : "30980",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30980"
},
{
"name" : "4222",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30980"
},
{
"name": "20080902 Exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=122039853426550&w=2"
},
{
"name": "4222",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4222"
}
]
}
}

130
2008/4xxx/CVE-2008-4055.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstorm.linuxsecurity.com/0808-exploits/millionpixel-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0808-exploits/millionpixel-sql.txt"
},
{
"name" : "31626",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31626"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstorm.linuxsecurity.com/0808-exploits/millionpixel-sql.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/millionpixel-sql.txt"
},
{
"name": "31626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31626"
}
]
}
}

170
2008/4xxx/CVE-2008-4970.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://bugs.debian.org/496371",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/496371"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests",
"refsource" : "CONFIRM",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name" : "30911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30911"
},
{
"name" : "lustretests-file-symlink(44819)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/496371",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
]
}
}

130
2008/6xxx/CVE-2008-6029.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6527",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6527"
},
{
"name" : "31308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6527",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6527"
},
{
"name": "31308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31308"
}
]
}
}

160
2008/6xxx/CVE-2008-6082.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6753",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6753"
},
{
"name" : "31757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31757"
},
{
"name" : "49177",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/49177"
},
{
"name" : "32269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32269"
},
{
"name" : "titanftpserver-sitewho-dos(45871)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32269"
},
{
"name": "31757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31757"
},
{
"name": "49177",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49177"
},
{
"name": "6753",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6753"
},
{
"name": "titanftpserver-sitewho-dos(45871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45871"
}
]
}
}

140
2008/6xxx/CVE-2008-6281.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7268",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7268"
},
{
"name" : "32522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32522"
},
{
"name" : "32932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32932"
},
{
"name": "32522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32522"
},
{
"name": "7268",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7268"
}
]
}
}

160
2008/6xxx/CVE-2008-6768.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7500",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7500"
},
{
"name" : "32888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32888"
},
{
"name" : "51210",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51210"
},
{
"name" : "33212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33212"
},
{
"name" : "shopsystemexclusivplus-images-file-upload(47424)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47424"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51210",
"refsource": "OSVDB",
"url": "http://osvdb.org/51210"
},
{
"name": "33212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33212"
},
{
"name": "32888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32888"
},
{
"name": "7500",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7500"
},
{
"name": "shopsystemexclusivplus-images-file-upload(47424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47424"
}
]
}
}

190
2008/6xxx/CVE-2008-6821.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21318189",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21318189"
},
{
"name" : "IZ22004",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004"
},
{
"name" : "IZ22188",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188"
},
{
"name" : "IZ22190",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190"
},
{
"name" : "35408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35408"
},
{
"name" : "31787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31787"
},
{
"name" : "db2-das-bo(51108)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21318189"
},
{
"name": "IZ22004",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004"
},
{
"name": "IZ22188",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188"
},
{
"name": "IZ22190",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190"
},
{
"name": "31787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31787"
},
{
"name": "35408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35408"
},
{
"name": "db2-das-bo(51108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51108"
}
]
}
}

150
2008/6xxx/CVE-2008-6881.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7441",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7441"
},
{
"name" : "32803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32803"
},
{
"name" : "33122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33122"
},
{
"name" : "livechat-getchat-sql-injection(47304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32803"
},
{
"name": "7441",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7441"
},
{
"name": "33122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33122"
},
{
"name": "livechat-getchat-sql-injection(47304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47304"
}
]
}
}

150
2013/2xxx/CVE-2013-2414.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name" : "RHSA-2013:0757",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name" : "TA13-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name" : "oval:org.mitre.oval:def:16667",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16667"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "oval:org.mitre.oval:def:16667",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16667"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
}
]
}
}

430
2013/2xxx/CVE-2013-2429.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"JPEGImageWriter state corruption\" when using native code, which triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
},
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/90c9f1577a0b",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/90c9f1577a0b"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952521",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952521"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name" : "APPLE-SA-2013-04-16-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02889",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name" : "SSRT101252",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name" : "HPSBUX02922",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name" : "SSRT101305",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name" : "MDVSA-2013:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
},
{
"name" : "MDVSA-2013:161",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name" : "RHSA-2013:0752",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name" : "RHSA-2013:0757",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name" : "RHSA-2013:0758",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "SUSE-SU-2013:0814",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0777",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
},
{
"name" : "SUSE-SU-2013:0835",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
},
{
"name" : "SUSE-SU-2013:0871",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
},
{
"name" : "SUSE-SU-2013:0934",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name" : "USN-1806-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name" : "TA13-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name" : "59184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59184"
},
{
"name" : "oval:org.mitre.oval:def:19107",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19107"
},
{
"name" : "oval:org.mitre.oval:def:19203",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"JPEGImageWriter state corruption\" when using native code, which triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2013:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
},
{
"name": "SUSE-SU-2013:0871",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
},
{
"name": "RHSA-2013:0758",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
},
{
"name": "oval:org.mitre.oval:def:19203",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19203"
},
{
"name": "APPLE-SA-2013-04-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
},
{
"name": "MDVSA-2013:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
},
{
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
},
{
"name": "SSRT101252",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "SSRT101305",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "HPSBUX02922",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952521",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952521"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
},
{
"name": "openSUSE-SU-2013:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
},
{
"name": "MDVSA-2013:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name": "oval:org.mitre.oval:def:19107",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19107"
},
{
"name": "openSUSE-SU-2013:0964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name": "RHSA-2013:0752",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name": "USN-1806-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "SUSE-SU-2013:0814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
},
{
"name": "59184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59184"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name": "SUSE-SU-2013:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
},
{
"name": "HPSBUX02889",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/90c9f1577a0b",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/90c9f1577a0b"
}
]
}
}

140
2013/2xxx/CVE-2013-2998.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name" : "IV34110",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
},
{
"name" : "ibm-maximo-cve20132998-info-disc(84841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV34110",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20132998-info-disc(84841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
}
]
}
}

142
2017/11xxx/CVE-2017-11279.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-11279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Digital Editions",
"version" : {
"version_data" : [
{
"version_value" : "4.5.4 and earlier."
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-11279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Digital Editions",
"version": {
"version_data": [
{
"version_value": "4.5.4 and earlier."
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html"
},
{
"name" : "100244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100244"
},
{
"name" : "1039100",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039100"
},
{
"name": "100244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100244"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html"
}
]
}
}

170
2017/11xxx/CVE-2017-11472.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"
},
{
"name" : "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6",
"refsource" : "CONFIRM",
"url" : "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"
},
{
"name" : "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"
},
{
"name" : "USN-3619-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-1/"
},
{
"name" : "USN-3619-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-2/"
},
{
"name" : "USN-3754-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3754-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"
},
{
"name": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6",
"refsource": "CONFIRM",
"url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"
},
{
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
}
]
}
}

140
2017/11xxx/CVE-2017-11641.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318",
"refsource" : "CONFIRM",
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318"
},
{
"name" : "DSA-4321",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
}
]
}
}

130
2017/14xxx/CVE-2017-14061.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.com/libidn/libidn2/blob/master/NEWS",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/libidn/libidn2/blob/master/NEWS"
},
{
"name" : "https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305",
"refsource": "CONFIRM",
"url": "https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305"
},
{
"name": "https://gitlab.com/libidn/libidn2/blob/master/NEWS",
"refsource": "CONFIRM",
"url": "https://gitlab.com/libidn/libidn2/blob/master/NEWS"
}
]
}
}

150
2017/14xxx/CVE-2017-14152.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/"
},
{
"name" : "https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154"
},
{
"name" : "https://github.com/uclouvain/openjpeg/issues/985",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/issues/985"
},
{
"name" : "DSA-4013",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-4013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4013"
},
{
"name": "https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/985",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/985"
},
{
"name": "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/"
}
]
}
}

180
2017/14xxx/CVE-2017-14267.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Sep/13",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Sep/13"
},
{
"name" : "https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup",
"refsource" : "MISC",
"url" : "https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup"
},
{
"name" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.html",
"refsource" : "MISC",
"url" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.html"
},
{
"name" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.html",
"refsource" : "MISC",
"url" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.html"
},
{
"name" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.html",
"refsource" : "MISC",
"url" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.html"
},
{
"name" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.html",
"refsource" : "MISC",
"url" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.html"
},
{
"name" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.html",
"refsource" : "MISC",
"url" : "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.html",
"refsource": "MISC",
"url": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.html"
},
{
"name": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.html",
"refsource": "MISC",
"url": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.html"
},
{
"name": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.html",
"refsource": "MISC",
"url": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.html"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Sep/13",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/13"
},
{
"name": "https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup",
"refsource": "MISC",
"url": "https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup"
},
{
"name": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.html",
"refsource": "MISC",
"url": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.html"
},
{
"name": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.html",
"refsource": "MISC",
"url": "https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.html"
}
]
}
}

120
2017/14xxx/CVE-2017-14544.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14544",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14544",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14544"
}
]
}
}

120
2017/14xxx/CVE-2017-14612.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "\"Shpock Boot Sale & Classifieds\" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/",
"refsource" : "MISC",
"url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"Shpock Boot Sale & Classifieds\" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/",
"refsource": "MISC",
"url": "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/"
}
]
}
}

140
2017/14xxx/CVE-2017-14977.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=103045",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"name" : "DSA-4079",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4079",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4079"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=103045",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=103045"
},
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1177-1] poppler security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html"
}
]
}
}

140
2017/15xxx/CVE-2017-15081.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43062",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43062/"
},
{
"name" : "http://w00troot.blogspot.in/2017/10/php-melody-2.html",
"refsource" : "MISC",
"url" : "http://w00troot.blogspot.in/2017/10/php-melody-2.html"
},
{
"name" : "https://pastebin.com/7Xjm8Wqt",
"refsource" : "MISC",
"url" : "https://pastebin.com/7Xjm8Wqt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/7Xjm8Wqt",
"refsource": "MISC",
"url": "https://pastebin.com/7Xjm8Wqt"
},
{
"name": "http://w00troot.blogspot.in/2017/10/php-melody-2.html",
"refsource": "MISC",
"url": "http://w00troot.blogspot.in/2017/10/php-melody-2.html"
},
{
"name": "43062",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43062/"
}
]
}
}

34
2017/15xxx/CVE-2017-15083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15083",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1642. Reason: This candidate is a reservation duplicate of CVE-2009-1642.2. Notes: All CVE users should reference CVE-2009-1642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15083",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1642. Reason: This candidate is a reservation duplicate of CVE-2009-1642.2. Notes: All CVE users should reference CVE-2009-1642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2017/15xxx/CVE-2017-15821.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-15821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-15821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44cd589c8a0f5a245e0003a7d0c4be1b5f3ba890",
"refsource" : "MISC",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44cd589c8a0f5a245e0003a7d0c4be1b5f3ba890"
},
{
"name" : "https://source.android.com/security/bulletin/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name" : "103254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44cd589c8a0f5a245e0003a7d0c4be1b5f3ba890",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44cd589c8a0f5a245e0003a7d0c4be1b5f3ba890"
},
{
"name": "103254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103254"
}
]
}
}

132
2017/15xxx/CVE-2017-15855.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-15855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers \"user-memory-access\" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Camera"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-15855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin",
"refsource" : "MISC",
"url" : "https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource" : "MISC",
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers \"user-memory-access\" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/03/29/march-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}

120
2017/15xxx/CVE-2017-15986.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CPA Lead Reward Script allows SQL Injection via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43073",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43073/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CPA Lead Reward Script allows SQL Injection via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43073",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43073/"
}
]
}
}

142
2017/8xxx/CVE-2017-8672.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-8672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Scripting Engine",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Scripting Engine",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672"
},
{
"name" : "100072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100072"
},
{
"name" : "1039095",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039095"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8672"
},
{
"name": "1039095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039095"
},
{
"name": "100072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100072"
}
]
}
}

204
2017/9xxx/CVE-2017-9271.json
View File

@ -1,105 +1,105 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.com",
"DATE_PUBLIC" : "2018-03-01T00:00:00.000Z",
"ID" : "CVE-2017-9271",
"STATE" : "PUBLIC",
"TITLE" : "proxy credentials written to log files by zypper"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-03-01T00:00:00.000Z",
"ID": "CVE-2017-9271",
"STATE": "PUBLIC",
"TITLE": "proxy credentials written to log files by zypper"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zypper",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mario Biberhofer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "zypper",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "SUSE"
"lang": "eng",
"value": "The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Mario Biberhofer"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Proxy credentials are writting into logfiles"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "CVE-532"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1050625",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name" : "https://www.suse.com/de-de/security/cve/CVE-2017-9271/",
"refsource" : "CONFIRM",
"url" : "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
}
]
},
"source" : {
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1050625"
],
"discovery" : "EXTERNAL"
}
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Proxy credentials are writting into logfiles"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CVE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1050625",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1050625"
],
"discovery": "EXTERNAL"
}
}

34
2017/9xxx/CVE-2017-9643.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9643",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9643",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/0xxx/CVE-2018-0150.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XE",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE",
"version": {
"version_data": [
{
"version_value": "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc"
},
{
"name" : "103539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103539"
},
{
"name" : "1040579",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc"
},
{
"name": "103539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103539"
},
{
"name": "1040579",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040579"
}
]
}
}

140
2018/0xxx/CVE-2018-0592.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft OneDrive",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft OneDrive",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#91151862",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN91151862/index.html"
},
{
"name" : "104563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource": "MISC",
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name": "JVN#91151862",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN91151862/index.html"
},
{
"name": "104563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104563"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000173.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-04-30T20:15:49.354918",
"DATE_REQUESTED" : "2018-04-16T00:00:00",
"ID" : "CVE-2018-1000173",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Google Login Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.3 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-384"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-04-30T20:15:49.354918",
"DATE_REQUESTED": "2018-04-16T00:00:00",
"ID": "CVE-2018-1000173",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-04-16/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-04-16/"
},
{
"name" : "104210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104210"
},
{
"name": "https://jenkins.io/security/advisory/2018-04-16/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-04-16/"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000401.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-08T15:52:41.205440",
"DATE_REQUESTED" : "2018-06-19T05:27:24",
"ID" : "CVE-2018-1000401",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins AWS CodePipeline Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.36 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficiently Protected Credentials"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.205440",
"DATE_REQUESTED": "2018-06-19T05:27:24",
"ID": "CVE-2018-1000401",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000527.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-23T11:22:32.998437",
"DATE_REQUESTED" : "2018-06-01T15:26:20",
"ID" : "CVE-2018-1000527",
"REQUESTER" : "sajeeb@0dd.zone",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Froxlor",
"version" : {
"version_data" : [
{
"version_value" : "<= 0.9.39.5"
}
]
}
}
]
},
"vendor_name" : "Froxlor"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "PHP Object Injection"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:32.998437",
"DATE_REQUESTED": "2018-06-01T15:26:20",
"ID": "CVE-2018-1000527",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0dd.zone/2018/05/31/Froxlor-Object-Injection/",
"refsource" : "MISC",
"url" : "https://0dd.zone/2018/05/31/Froxlor-Object-Injection/"
},
{
"name" : "https://github.com/Froxlor/Froxlor/issues/555",
"refsource" : "MISC",
"url" : "https://github.com/Froxlor/Froxlor/issues/555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0dd.zone/2018/05/31/Froxlor-Object-Injection/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/05/31/Froxlor-Object-Injection/"
},
{
"name": "https://github.com/Froxlor/Froxlor/issues/555",
"refsource": "MISC",
"url": "https://github.com/Froxlor/Froxlor/issues/555"
}
]
}
}

34
2018/12xxx/CVE-2018-12282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2018/12xxx/CVE-2018-12462.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-07-02T05:00:00.000Z",
"ID" : "CVE-2018-12462",
"STATE" : "PUBLIC",
"TITLE" : "NetIQ iManager XSS vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iManager",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "NetIQ iManager",
"version_value" : "3.1.1"
}
]
}
}
]
},
"vendor_name" : "NetIQ"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 4.8,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-07-02T05:00:00.000Z",
"ID": "CVE-2018-12462",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager XSS vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "NetIQ iManager",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.microfocus.com/kb/doc.php?id=7016795",
"refsource" : "CONFIRM",
"url" : "https://support.microfocus.com/kb/doc.php?id=7016795"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Upgrade to NetIQ iManager 3.1.1"
}
],
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

130
2018/13xxx/CVE-2018-13157.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin"
}
]
}
}

130
2018/16xxx/CVE-2018-16166.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LogonTracer",
"version" : {
"version_data" : [
{
"version_value" : "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "JPCERT Coordination Center"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML external entities (XXE)"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LogonTracer",
"version": {
"version_data": [
{
"version_value": "1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "JPCERT Coordination Center"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource" : "MISC",
"url" : "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name" : "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource" : "MISC",
"url" : "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
}

34
2018/16xxx/CVE-2018-16249.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16249",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16249",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16338.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/auracms/AuraCMS/issues/3",
"refsource" : "MISC",
"url" : "https://github.com/auracms/AuraCMS/issues/3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auracms/AuraCMS/issues/3",
"refsource": "MISC",
"url": "https://github.com/auracms/AuraCMS/issues/3"
}
]
}
}

34
2018/16xxx/CVE-2018-16356.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16356",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16356",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/16xxx/CVE-2018-16883.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-16883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sssd",
"version" : {
"version_data" : [
{
"version_value" : "2.0.0"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the \"allowed_uids\" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "2.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sssd",
"version": {
"version_data": [
{
"version_value": "2.0.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
},
{
"name" : "106264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the \"allowed_uids\" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "2.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106264"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883"
}
]
}
}

34
2018/4xxx/CVE-2018-4346.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4346",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4346",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4488.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4488",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4488",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2018/4xxx/CVE-2018-4878.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player before 28.0.0.161",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player before 28.0.0.161"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "use-after-free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player before 28.0.0.161",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player before 28.0.0.161"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44412",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44412/"
},
{
"name" : "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html",
"refsource" : "MISC",
"url" : "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html"
},
{
"name" : "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign",
"refsource" : "MISC",
"url" : "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign"
},
{
"name" : "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day",
"refsource" : "MISC",
"url" : "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day"
},
{
"name" : "https://github.com/vysec/CVE-2018-4878",
"refsource" : "MISC",
"url" : "https://github.com/vysec/CVE-2018-4878"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name" : "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/",
"refsource" : "MISC",
"url" : "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/"
},
{
"name" : "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/",
"refsource" : "MISC",
"url" : "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/"
},
{
"name" : "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139",
"refsource" : "MISC",
"url" : "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139"
},
{
"name" : "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html",
"refsource" : "MISC",
"url" : "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html"
},
{
"name" : "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets",
"refsource" : "MISC",
"url" : "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets"
},
{
"name" : "RHSA-2018:0285",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name" : "102893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102893"
},
{
"name" : "1040318",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html",
"refsource": "MISC",
"url": "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html"
},
{
"name": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/",
"refsource": "MISC",
"url": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name": "RHSA-2018:0285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name": "1040318",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040318"
},
{
"name": "102893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102893"
},
{
"name": "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html",
"refsource": "MISC",
"url": "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html"
},
{
"name": "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign",
"refsource": "MISC",
"url": "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign"
},
{
"name": "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139",
"refsource": "MISC",
"url": "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139"
},
{
"name": "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day",
"refsource": "MISC",
"url": "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day"
},
{
"name": "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets",
"refsource": "MISC",
"url": "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets"
},
{
"name": "https://github.com/vysec/CVE-2018-4878",
"refsource": "MISC",
"url": "https://github.com/vysec/CVE-2018-4878"
},
{
"name": "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/",
"refsource": "MISC",
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/"
},
{
"name": "44412",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44412/"
}
]
}
}