admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:25:24 +00:00
parent e9169ab025
commit e83e543b88
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3597 additions and 3597 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

790
2008/0xxx/CVE-2008-0006.json
View File

@ -1,397 +1,397 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-0006", "ID": "CVE-2008-0006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487335/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table."
{ }
"name" : "[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server", ]
"refsource" : "MLIST", },
"url" : "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=204362", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=204362" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=428044", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=428044" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm" "name": "28542",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28542"
"name" : "https://issues.rpath.com/browse/RPL-2010", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2010" "name": "29139",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29139"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm"
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities", },
"refsource" : "CONFIRM", {
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities" "name": "27336",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27336"
"name" : "http://docs.info.apple.com/article.html?artnum=307562", },
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=307562" "name": "ADV-2008-0184",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0184"
"name" : "APPLE-SA-2008-03-18", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" "name": "103192",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1"
"name" : "FEDORA-2008-0760", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html" "name": "29622",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29622"
"name" : "FEDORA-2008-0794", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html" "name": "FEDORA-2008-0831",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html"
"name" : "FEDORA-2008-0831", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html" "name": "FEDORA-2008-0794",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html"
"name" : "FEDORA-2008-0891", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html" "name": "SUSE-SA:2008:003",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html"
"name" : "GLSA-200801-09", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200801-09.xml" "name": "SUSE-SR:2008:008",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
"name" : "GLSA-200804-05", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200804-05.xml" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=428044",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=428044"
"name" : "GLSA-200805-07", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml" "name": "28500",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28500"
"name" : "HPSBUX02381", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321" "name": "28532",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28532"
"name" : "SSRT080083", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321" "name": "29707",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29707"
"name" : "MDVSA-2008:021", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021" "name": "MDVSA-2008:024",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:024"
"name" : "MDVSA-2008:022", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022" "name": "28843",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28843"
"name" : "MDVSA-2008:024", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:024" "name": "28540",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28540"
"name" : "[4.1] 20080208 012: SECURITY FIX: February 8, 2008", },
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata41.html#012_xorg" "name": "SSRT080083",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
"name" : "[4.2] 20080208 006: SECURITY FIX: February 8, 2008", },
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata42.html#006_xorg" "name": "20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/487335/100/0/threaded"
"name" : "RHSA-2008:0029", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0029.html" "name": "28544",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28544"
"name" : "RHSA-2008:0030", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0030.html" "name": "ADV-2008-0703",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0703"
"name" : "RHSA-2008:0064", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0064.html" "name": "MDVSA-2008:021",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021"
"name" : "103192", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1" "name": "oval:org.mitre.oval:def:10021",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021"
"name" : "201230", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1" "name": "ADV-2008-0924",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0924/references"
"name" : "SUSE-SA:2008:003", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html" "name": "28718",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28718"
"name" : "SUSE-SR:2008:008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html" "name": "RHSA-2008:0029",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0029.html"
"name" : "USN-571-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/571-1/" "name": "[4.1] 20080208 012: SECURITY FIX: February 8, 2008",
}, "refsource": "OPENBSD",
{ "url": "http://www.openbsd.org/errata41.html#012_xorg"
"name" : "VU#203220", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/203220" "name": "28941",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28941"
"name" : "JVN#88935101", },
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN88935101/index.html" "name": "28592",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28592"
"name" : "JVNDB-2008-001043", },
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html" "name": "RHSA-2008:0064",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0064.html"
"name" : "27336", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27336" "name": "xorg-pcffont-bo(39767)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39767"
"name" : "27352", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27352" "name": "HPSBUX02381",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
"name" : "oval:org.mitre.oval:def:10021", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021" "name": "28621",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28621"
"name" : "32545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32545" "name": "29420",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29420"
"name" : "ADV-2008-0179", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0179" "name": "MDVSA-2008:022",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
"name" : "ADV-2008-0184", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0184" "name": "APPLE-SA-2008-03-18",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
"name" : "ADV-2008-0497", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0497/references" "name": "30161",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30161"
"name" : "ADV-2008-0703", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0703" "name": "GLSA-200805-07",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
"name" : "ADV-2008-0924", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0924/references" "name": "RHSA-2008:0030",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0030.html"
"name" : "1019232", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019232" "name": "28273",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28273"
"name" : "28532", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28532" "name": "VU#203220",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/203220"
"name" : "28535", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28535" "name": "28550",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28550"
"name" : "28536", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28536" "name": "ADV-2008-0497",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0497/references"
"name" : "28540", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28540" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm"
"name" : "28542", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28542" "name": "JVNDB-2008-001043",
}, "refsource": "JVNDB",
{ "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html"
"name" : "28544", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28544" "name": "http://bugs.gentoo.org/show_bug.cgi?id=204362",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=204362"
"name" : "28550", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28550" "name": "28885",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28885"
"name" : "28273", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28273" "name": "USN-571-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/571-1/"
"name" : "28500", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28500" "name": "GLSA-200804-05",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200804-05.xml"
"name" : "28592", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28592" "name": "28535",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28535"
"name" : "28571", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28571" "name": "FEDORA-2008-0891",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html"
"name" : "28621", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28621" "name": "ADV-2008-3000",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/3000"
"name" : "28718", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28718" "name": "http://docs.info.apple.com/article.html?artnum=307562",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=307562"
"name" : "28843", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28843" "name": "[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server",
}, "refsource": "MLIST",
{ "url": "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html"
"name" : "28885", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28885" "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities",
}, "refsource": "CONFIRM",
{ "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities"
"name" : "28941", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28941" "name": "27352",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27352"
"name" : "29139", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29139" "name": "32545",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32545"
"name" : "29420", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29420" "name": "1019232",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019232"
"name" : "29622", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29622" "name": "https://issues.rpath.com/browse/RPL-2010",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2010"
"name" : "29707", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29707" "name": "[4.2] 20080208 006: SECURITY FIX: February 8, 2008",
}, "refsource": "OPENBSD",
{ "url": "http://www.openbsd.org/errata42.html#006_xorg"
"name" : "30161", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30161" "name": "FEDORA-2008-0760",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html"
"name" : "ADV-2008-3000", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3000" "name": "28571",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28571"
"name" : "xorg-pcffont-bo(39767)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39767" "name": "28536",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/28536"
} },
} {
"name": "JVN#88935101",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN88935101/index.html"
},
{
"name": "GLSA-200801-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-09.xml"
},
{
"name": "ADV-2008-0179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0179"
},
{
"name": "201230",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1"
}
]
}
}

170
2008/0xxx/CVE-2008-0372.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0372", "ID": "CVE-2008-0372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486398/100/0/threaded" "lang": "eng",
}, "value": "8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request."
{ }
"name" : "20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/486770/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27309", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27309" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28524", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28524" ]
}, },
{ "references": {
"name" : "3557", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3557" "name": "20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486770/100/0/threaded"
"name" : "r3000-urlfilter-security-bypass(39723)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39723" "name": "3557",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3557"
} },
} {
"name": "27309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27309"
},
{
"name": "28524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28524"
},
{
"name": "r3000-urlfilter-security-bypass(39723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39723"
},
{
"name": "20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486398/100/0/threaded"
}
]
}
}

130
2008/0xxx/CVE-2008-0448.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0448", "ID": "CVE-2008-0448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080120 Php Search Remote Inclusion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=120093067011293&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter."
{ }
"name" : "phpsearch-classhttpretriever-file-include(39805)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39805" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpsearch-classhttpretriever-file-include(39805)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39805"
},
{
"name": "20080120 Php Search Remote Inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=120093067011293&w=2"
}
]
}
}

130
2008/0xxx/CVE-2008-0652.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0652", "ID": "CVE-2008-0652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5073", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5073" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action."
{ }
"name" : "27648", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27648" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27648"
},
{
"name": "5073",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5073"
}
]
}
}

190
2008/0xxx/CVE-2008-0748.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0748", "ID": "CVE-2008-0748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080208 Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487802/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information."
{ }
"name" : "20080208 Re: Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/487805/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5086", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5086" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5100", ]
"refsource" : "EXPLOIT-DB", }
"url" : "https://www.exploit-db.com/exploits/5100" ]
}, },
{ "references": {
"name" : "27715", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27715" "name": "20080208 Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/487802/100/0/threaded"
"name" : "ADV-2008-0483", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0483" "name": "3648",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3648"
"name" : "28854", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28854" "name": "5086",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5086"
"name" : "3648", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3648" "name": "28854",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/28854"
} },
} {
"name": "5100",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5100"
},
{
"name": "27715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27715"
},
{
"name": "ADV-2008-0483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0483"
},
{
"name": "20080208 Re: Buffer Overflow Vulnerability in AxRUploadServer.dll, Activex Method (SetLogging)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487805/100/0/threaded"
}
]
}
}

140
2008/1xxx/CVE-2008-1261.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1261", "ID": "CVE-2008-1261",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080301 The Router Hacking Challenge is Over!", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" "lang": "eng",
}, "value": "The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides different responses to admin page requests depending on whether a user is logged in, which allows remote attackers to obtain current login status by requesting an arbitrary admin URI."
{ }
"name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", ]
"refsource" : "MISC", },
"url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "zyxel-p2602hwd1a-loginstatus-info-disclosure(41113)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41113" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "zyxel-p2602hwd1a-loginstatus-info-disclosure(41113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41113"
}
]
}
}

160
2008/1xxx/CVE-2008-1317.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1317", "ID": "CVE-2008-1317",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "231403", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231403-1" "lang": "eng",
}, "value": "Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues."
{ }
"name" : "28214", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28214" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0858", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0858/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29352", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29352" ]
}, },
{ "references": {
"name" : "sun-solaris-ipc-dos(41146)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41146" "name": "29352",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29352"
} },
} {
"name": "sun-solaris-ipc-dos(41146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41146"
},
{
"name": "28214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28214"
},
{
"name": "ADV-2008-0858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0858/references"
},
{
"name": "231403",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231403-1"
}
]
}
}

200
2008/1xxx/CVE-2008-1397.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1397", "ID": "CVE-2008-1397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf" "lang": "eng",
}, "value": "Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint."
{ }
"name" : "http://puresecurity.com.au/index.php?action=fullnews&id=5", ]
"refsource" : "MISC", },
"url" : "http://puresecurity.com.au/index.php?action=fullnews&id=5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579", "description": [
"refsource" : "CONFIRM", {
"url" : "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#992585", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/992585" ]
}, },
{ "references": {
"name" : "28299", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28299" "name": "http://puresecurity.com.au/index.php?action=fullnews&id=5",
}, "refsource": "MISC",
{ "url": "http://puresecurity.com.au/index.php?action=fullnews&id=5"
"name" : "ADV-2008-0953", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0953/references" "name": "28299",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28299"
"name" : "1019666", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019666" "name": "VU#992585",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/992585"
"name" : "29394", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29394" "name": "29394",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29394"
"name" : "vpn1-ipaddress-dos(41260)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260" "name": "1019666",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1019666"
} },
} {
"name": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf",
"refsource": "MISC",
"url": "http://www.puresecurity.com.au/files/PureSecurity%20VPN-1%20DoS_Spoofing%20Attack%20against%20VPN%20tunnels.pdf"
},
{
"name": "ADV-2008-0953",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0953/references"
},
{
"name": "vpn1-ipaddress-dos(41260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41260"
},
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk34579"
}
]
}
}

150
2008/1xxx/CVE-2008-1608.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1608", "ID": "CVE-2008-1608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5502", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5502" "lang": "eng",
}, "value": "SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583."
{ }
"name" : "http://www.securityfocus.com/bid/28437/exploit", ]
"refsource" : "MISC", },
"url" : "http://www.securityfocus.com/bid/28437/exploit" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28437", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28437" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "clevercopy-postview-sql-injection(41450)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41450" ]
} },
] "references": {
} "reference_data": [
} {
"name": "28437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28437"
},
{
"name": "clevercopy-postview-sql-injection(41450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41450"
},
{
"name": "5502",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5502"
},
{
"name": "http://www.securityfocus.com/bid/28437/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/28437/exploit"
}
]
}
}

150
2008/1xxx/CVE-2008-1629.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1629", "ID": "CVE-2008-1629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "28510", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28510" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29579", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29579" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpkrm-unspecified-xss(41548)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41548" ]
} },
] "references": {
} "reference_data": [
} {
"name": "phpkrm-unspecified-xss(41548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41548"
},
{
"name": "29579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29579"
},
{
"name": "28510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28510"
},
{
"name": "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/phpkrm/?branch_id=58803&release_id=274667"
}
]
}
}

150
2008/5xxx/CVE-2008-5075.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5075", "ID": "CVE-2008-5075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6596", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6596" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php."
{ }
"name" : "31445", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31445" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4596", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4596" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "euploaderpro-id-sql-injection(45487)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45487" ]
} },
] "references": {
} "reference_data": [
} {
"name": "euploaderpro-id-sql-injection(45487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45487"
},
{
"name": "4596",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4596"
},
{
"name": "6596",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6596"
},
{
"name": "31445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31445"
}
]
}
}

150
2008/5xxx/CVE-2008-5670.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5670", "ID": "CVE-2008-5670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/487483/100/200/threaded" "lang": "eng",
}, "value": "Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session."
{ }
"name" : "27606", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27606" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28793", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28793" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4786", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4786" ]
} },
] "references": {
} "reference_data": [
} {
"name": "28793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28793"
},
{
"name": "27606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27606"
},
{
"name": "20080204 [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487483/100/200/threaded"
},
{
"name": "4786",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4786"
}
]
}
}

170
2013/0xxx/CVE-2013-0090.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-0090", "ID": "CVE-2013-0090",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CCaret Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40935", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40935/" "lang": "eng",
}, "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CCaret Use After Free Vulnerability.\""
{ }
"name" : "http://blog.skylined.nl/20161216001.html", ]
"refsource" : "MISC", },
"url" : "http://blog.skylined.nl/20161216001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS13-021", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021" ]
}, },
{ "references": {
"name" : "TA13-071A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A" "name": "40935",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/40935/"
"name" : "oval:org.mitre.oval:def:16049", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16049" "name": "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/140186/Microsoft-Internet-Explorer-9-IEFRAME-CView-EnsureSize-Use-After-Free.html"
} },
} {
"name": "oval:org.mitre.oval:def:16049",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16049"
},
{
"name": "TA13-071A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
},
{
"name": "MS13-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021"
},
{
"name": "http://blog.skylined.nl/20161216001.html",
"refsource": "MISC",
"url": "http://blog.skylined.nl/20161216001.html"
}
]
}
}

140
2013/3xxx/CVE-2013-3148.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3148", "ID": "CVE-2013-3148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3153."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-055", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3153."
{ }
"name" : "TA13-190A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:17034", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17034" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
},
{
"name": "TA13-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-190A"
},
{
"name": "oval:org.mitre.oval:def:17034",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17034"
}
]
}
}

140
2013/3xxx/CVE-2013-3350.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-3350", "ID": "CVE-2013-3350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h", "description_data": [
"refsource" : "MISC", {
"url" : "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h" "lang": "eng",
}, "value": "Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-19.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-19.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1028757", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028757" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-19.html"
},
{
"name": "1028757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028757"
},
{
"name": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h",
"refsource": "MISC",
"url": "http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h"
}
]
}
}

34
2013/4xxx/CVE-2013-4072.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4072", "ID": "CVE-2013-4072",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2013/4xxx/CVE-2013-4758.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4758", "ID": "CVE-2013-4758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130705 LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/07/05/2" "lang": "eng",
}, "value": "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response."
{ }
"name" : "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130705 LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/05/2"
},
{
"name": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/",
"refsource": "CONFIRM",
"url": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/"
},
{
"name": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/",
"refsource": "CONFIRM",
"url": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/"
}
]
}
}

160
2013/4xxx/CVE-2013-4881.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4881", "ID": "CVE-2013-4881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130807 Multiple Vulnerabilities in BigTree CMS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php."
{ }
"name" : "https://www.htbridge.com/advisory/HTB23165", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.com/advisory/HTB23165" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "96009", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/96009" ]
}, },
{ "references": {
"name" : "bigtreecms-cve20134881-csrf(86286)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86286" "name": "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834",
} "refsource": "CONFIRM",
] "url": "https://github.com/bigtreecms/BigTree-CMS/commit/4b0faa90fa8b9e1776c86db716894dcd7e6b4834"
} },
} {
"name": "96009",
"refsource": "OSVDB",
"url": "http://osvdb.org/96009"
},
{
"name": "bigtreecms-cve20134881-csrf(86286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86286"
},
{
"name": "20130807 Multiple Vulnerabilities in BigTree CMS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23165",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23165"
}
]
}
}

34
2013/4xxx/CVE-2013-4901.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4901", "ID": "CVE-2013-4901",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6296.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6296", "ID": "CVE-2013-6296",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2013/6xxx/CVE-2013-6634.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6634", "ID": "CVE-2013-6634",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html" "lang": "eng",
}, "value": "The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=307159", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=307159" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2811", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2811" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1927", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html" "name": "56217",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56217"
"name" : "openSUSE-SU-2013:1933", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html" "name": "openSUSE-SU-2014:0065",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name" : "openSUSE-SU-2014:0065", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" "name": "https://code.google.com/p/chromium/issues/detail?id=307159",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=307159"
"name" : "1029442", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029442" "name": "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision",
}, "refsource": "CONFIRM",
{ "url": "https://src.chromium.org/viewvc/chrome?revision=236563&view=revision"
"name" : "56217", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56217" "name": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html",
} "refsource": "CONFIRM",
] "url": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html"
} },
} {
"name": "openSUSE-SU-2013:1933",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html"
},
{
"name": "DSA-2811",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2811"
},
{
"name": "openSUSE-SU-2013:1927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html"
},
{
"name": "1029442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029442"
}
]
}
}

130
2013/6xxx/CVE-2013-6733.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-6733", "ID": "CVE-2013-6733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659419", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659419" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "ibm-sametime-cve20136733-xss(89396)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89396" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659419",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659419"
},
{
"name": "ibm-sametime-cve20136733-xss(89396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89396"
}
]
}
}

34
2013/6xxx/CVE-2013-6848.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6848", "ID": "CVE-2013-6848",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

320
2013/7xxx/CVE-2013-7265.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7265", "ID": "CVE-2013-7265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131128 Re: CVE Request: Linux kernel: net: uninitialised memory leakage", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/11/28/13" "lang": "eng",
}, "value": "The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call."
{ }
"name" : "[oss-security] 20140107 oss-sec: CVE split and a missed file", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2014/q1/29" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1035875", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1035875" "name": "USN-2135-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2135-1"
"name" : "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69" "name": "RHSA-2014:0159",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0159.html"
"name" : "RHSA-2014:0159", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0159.html" "name": "USN-2138-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2138-1"
"name" : "SUSE-SU-2014:0459", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html" "name": "USN-2108-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2108-1"
"name" : "USN-2107-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2107-1" "name": "USN-2113-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2113-1"
"name" : "USN-2108-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2108-1" "name": "USN-2141-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2141-1"
"name" : "USN-2113-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2113-1" "name": "USN-2110-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2110-1"
"name" : "USN-2117-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2117-1" "name": "[oss-security] 20140107 oss-sec: CVE split and a missed file",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2014/q1/29"
"name" : "USN-2109-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2109-1" "name": "USN-2136-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2136-1"
"name" : "USN-2110-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2110-1" "name": "USN-2139-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2139-1"
"name" : "USN-2135-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2135-1" "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4"
"name" : "USN-2136-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2136-1" "name": "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/bceaa90240b6019ed73b49965eac7d167610be69"
"name" : "USN-2138-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2138-1" "name": "USN-2117-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2117-1"
"name" : "USN-2139-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2139-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1035875",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035875"
"name" : "USN-2141-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2141-1" "name": "56036",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56036"
"name" : "55882", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55882" "name": "USN-2109-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2109-1"
"name" : "56036", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56036" "name": "SUSE-SU-2014:0459",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html"
} },
} {
"name": "USN-2107-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2107-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bceaa90240b6019ed73b49965eac7d167610be69"
},
{
"name": "[oss-security] 20131128 Re: CVE Request: Linux kernel: net: uninitialised memory leakage",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/13"
},
{
"name": "55882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55882"
}
]
}
}

170
2013/7xxx/CVE-2013-7315.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7315", "ID": "CVE-2013-7315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2013/Aug/154" "lang": "eng",
}, "value": "The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions."
{ }
"name" : "20131102 XXE Injection in Spring Framework", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2013/Nov/14" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.gopivotal.com/security/cve-2013-4152", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.gopivotal.com/security/cve-2013-4152" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://jira.springsource.org/browse/SPR-10806", ]
"refsource" : "CONFIRM", }
"url" : "https://jira.springsource.org/browse/SPR-10806" ]
}, },
{ "references": {
"name" : "DSA-2842", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2842" "name": "http://www.gopivotal.com/security/cve-2013-4152",
}, "refsource": "CONFIRM",
{ "url": "http://www.gopivotal.com/security/cve-2013-4152"
"name" : "77998", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/77998" "name": "20131102 XXE Injection in Spring Framework",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2013/Nov/14"
} },
} {
"name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/154"
},
{
"name": "DSA-2842",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2842"
},
{
"name": "77998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77998"
},
{
"name": "https://jira.springsource.org/browse/SPR-10806",
"refsource": "CONFIRM",
"url": "https://jira.springsource.org/browse/SPR-10806"
}
]
}
}

152
2017/10xxx/CVE-2017-10145.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10145", "ID": "CVE-2017-10145",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java Advanced Management Console: 2.6" "version_value": "Java Advanced Management Console: 2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20170720-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20170720-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99804", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99804" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java Advanced Management Console. While the vulnerability is in Java Advanced Management Console, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data as well as unauthorized read access to a subset of Java Advanced Management Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console."
{ }
"name" : "1038931", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038931" ]
} },
] "references": {
} "reference_data": [
} {
"name": "99804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99804"
},
{
"name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
},
{
"name": "1038931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038931"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

150
2017/10xxx/CVE-2017-10789.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10789", "ID": "CVE-2017-10789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/perl5-dbi/DBD-mysql/issues/110", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/perl5-dbi/DBD-mysql/issues/110" "lang": "eng",
}, "value": "The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152."
{ }
"name" : "https://github.com/perl5-dbi/DBD-mysql/pull/114", ]
"refsource" : "MISC", },
"url" : "https://github.com/perl5-dbi/DBD-mysql/pull/114" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/perl5-dbi/DBD-mysql/issues/140", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/perl5-dbi/DBD-mysql/issues/140" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99364", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99364" ]
} },
] "references": {
} "reference_data": [
} {
"name": "99364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99364"
},
{
"name": "https://github.com/perl5-dbi/DBD-mysql/issues/140",
"refsource": "MISC",
"url": "https://github.com/perl5-dbi/DBD-mysql/issues/140"
},
{
"name": "https://github.com/perl5-dbi/DBD-mysql/pull/114",
"refsource": "MISC",
"url": "https://github.com/perl5-dbi/DBD-mysql/pull/114"
},
{
"name": "https://github.com/perl5-dbi/DBD-mysql/issues/110",
"refsource": "MISC",
"url": "https://github.com/perl5-dbi/DBD-mysql/issues/110"
}
]
}
}

130
2017/10xxx/CVE-2017-10820.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10820", "ID": "CVE-2017-10820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Installer of IP Messenger for Win", "product_name": "Installer of IP Messenger for Win",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.60 and earlier" "version_value": "4.60 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "H.Shirouzu / Asahi Net, Inc." "vendor_name": "H.Shirouzu / Asahi Net, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ipmsg.org/ipmsg_dll_vulnerability.html.en", "description_data": [
"refsource" : "MISC", {
"url" : "https://ipmsg.org/ipmsg_dll_vulnerability.html.en" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
{ }
"name" : "JVN#86724730", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN86724730/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ipmsg.org/ipmsg_dll_vulnerability.html.en",
"refsource": "MISC",
"url": "https://ipmsg.org/ipmsg_dll_vulnerability.html.en"
},
{
"name": "JVN#86724730",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN86724730/index.html"
}
]
}
}

136
2017/10xxx/CVE-2017-10907.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10907", "ID": "CVE-2017-10907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "OneThird CMS", "product_name": "OneThird CMS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Show Off v1.85 and earlier" "version_value": "Show Off v1.85 and earlier"
}, },
{ {
"version_value" : "Show Off v1.85 en and earlier" "version_value": "Show Off v1.85 en and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SpiQe Software" "vendor_name": "SpiQe Software"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://onethird.net/en/p1307.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://onethird.net/en/p1307.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors."
{ }
"name" : "JVN#93333702", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN93333702/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#93333702",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"name": "https://onethird.net/en/p1307.html",
"refsource": "CONFIRM",
"url": "https://onethird.net/en/p1307.html"
}
]
}
}

160
2017/12xxx/CVE-2017-12240.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12240", "ID": "CVE-2017-12240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS and IOS XE", "product_name": "Cisco IOS and IOS XE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS and IOS XE" "version_value": "Cisco IOS and IOS XE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390" "lang": "eng",
}, "value": "The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959."
{ }
"name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959", ]
"refsource" : "CONFIRM", },
"url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp", "description": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp" "lang": "eng",
}, "value": "CWE-20"
{ }
"name" : "101034", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/101034" ]
}, },
{ "references": {
"name" : "1039445", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039445" "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959",
} "refsource": "CONFIRM",
] "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959"
} },
} {
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390",
"refsource": "CONFIRM",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390"
},
{
"name": "101034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101034"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp"
},
{
"name": "1039445",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039445"
}
]
}
}

130
2017/12xxx/CVE-2017-12257.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12257", "ID": "CVE-2017-12257",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco WebEx Meetings Server", "product_name": "Cisco WebEx Meetings Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco WebEx Meetings Server" "version_value": "Cisco WebEx Meetings Server"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms" "lang": "eng",
}, "value": "A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608."
{ }
"name" : "101167", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101167" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-wms"
},
{
"name": "101167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101167"
}
]
}
}

142
2017/12xxx/CVE-2017-12513.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00", "DATE_PUBLIC": "2017-08-11T00:00:00",
"ID" : "CVE-2017-12513", "ID": "CVE-2017-12513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "PLAT 7.3 (E0504)" "version_value": "PLAT 7.3 (E0504)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" "lang": "eng",
}, "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
{ }
"name" : "100367", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100367" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039152", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039152" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039152"
},
{
"name": "100367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100367"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
}
]
}
}

34
2017/12xxx/CVE-2017-12772.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12772", "ID": "CVE-2017-12772",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/13xxx/CVE-2017-13056.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13056", "ID": "CVE-2017-13056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html" "lang": "eng",
} "value": "The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html"
}
]
}
}

34
2017/13xxx/CVE-2017-13057.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13057", "ID": "CVE-2017-13057",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2017/13xxx/CVE-2017-13833.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-13833", "ID": "CVE-2017-13833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"CFNetwork\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208221", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"CFNetwork\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "https://support.apple.com/HT208331", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208331" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102100", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102100" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1039952", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039952" ]
}, },
{ "references": {
"name" : "1039953", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039953" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "1039966", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039966" "name": "https://support.apple.com/HT208331",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT208331"
} },
} {
"name": "1039966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039966"
},
{
"name": "1039953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039953"
},
{
"name": "1039952",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039952"
},
{
"name": "102100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102100"
}
]
}
}

34
2017/17xxx/CVE-2017-17720.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17720", "ID": "CVE-2017-17720",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/0xxx/CVE-2018-0704.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0704", "ID": "CVE-2018-0704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cybozu Office", "product_name": "Cybozu Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.0.0 to 10.8.1" "version_value": "10.0.0 to 10.8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cybozu, Inc." "vendor_name": "Cybozu, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.cybozu.support/article/34091/", "description_data": [
"refsource" : "MISC", {
"url" : "https://kb.cybozu.support/article/34091/" "lang": "eng",
}, "value": "Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen."
{ }
"name" : "JVN#15232217", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN15232217/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15232217",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15232217/index.html"
},
{
"name": "https://kb.cybozu.support/article/34091/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34091/"
}
]
}
}

120
2018/18xxx/CVE-2018-18252.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18252", "ID": "CVE-2018-18252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides \"NT AUTHORITY\\SYSTEM\" access to unprivileged users via the --system option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://improsec.com/tech-blog/cam1", "description_data": [
"refsource" : "MISC", {
"url" : "https://improsec.com/tech-blog/cam1" "lang": "eng",
} "value": "An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides \"NT AUTHORITY\\SYSTEM\" access to unprivileged users via the --system option."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://improsec.com/tech-blog/cam1",
"refsource": "MISC",
"url": "https://improsec.com/tech-blog/cam1"
}
]
}
}

140
2018/18xxx/CVE-2018-18428.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18428", "ID": "CVE-2018-18428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45632", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45632/" "lang": "eng",
}, "value": "TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI."
{ }
"name" : "https://packetstormsecurity.com/files/149843", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/149843" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php", "description": [
"refsource" : "MISC", {
"url" : "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php"
},
{
"name": "https://packetstormsecurity.com/files/149843",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/149843"
},
{
"name": "45632",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45632/"
}
]
}
}

120
2018/18xxx/CVE-2018-18488.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18488", "ID": "CVE-2018-18488",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In \\lib\\admin\\action\\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunu11.com/2018/10/18/glxcms/", "description_data": [
"refsource" : "MISC", {
"url" : "http://sunu11.com/2018/10/18/glxcms/" "lang": "eng",
} "value": "In \\lib\\admin\\action\\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunu11.com/2018/10/18/glxcms/",
"refsource": "MISC",
"url": "http://sunu11.com/2018/10/18/glxcms/"
}
]
}
}

34
2018/18xxx/CVE-2018-18910.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18910", "ID": "CVE-2018-18910",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2018/19xxx/CVE-2018-19017.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-17T00:00:00", "DATE_PUBLIC": "2019-01-17T00:00:00",
"ID" : "CVE-2018-19017", "ID": "CVE-2018-19017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CX-Supervisor", "product_name": "CX-Supervisor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions 3.42 and prior" "version_value": "Versions 3.42 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "USE AFTER FREE CWE-416"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01" "lang": "eng",
}, "value": "Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application."
{ }
"name" : "106654", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106654" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106654"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
}
]
}
}

120
2018/19xxx/CVE-2018-19052.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19052", "ID": "CVE-2018-19052",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1" "lang": "eng",
} "value": "An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1",
"refsource": "MISC",
"url": "https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1"
}
]
}
}

140
2018/19xxx/CVE-2018-19933.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19933", "ID": "CVE-2018-19933",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "46014", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/46014/" "lang": "eng",
}, "value": "Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry."
{ }
"name" : "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting", ]
"refsource" : "MISC", },
"url" : "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html", "description": [
"refsource" : "MISC", {
"url" : "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "46014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46014/"
},
{
"name": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting",
"refsource": "MISC",
"url": "https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting"
},
{
"name": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html",
"refsource": "MISC",
"url": "https://www.raifberkaydincel.com/bolt-cms-xss-vulnerability.html"
}
]
}
}

200
2018/1xxx/CVE-2018-1118.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-1118", "ID": "CVE-2018-1118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "vhost", "product_name": "vhost",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "since 4.8" "version_value": "since 4.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "kernel" "vendor_name": "kernel"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-665"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" "lang": "eng",
}, "value": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2018:2948", {
"refsource" : "REDHAT", "vectorString": "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948" "version": "3.0"
}, }
{ ]
"name" : "RHSA-2018:3083", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3083" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3096", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3096" "lang": "eng",
}, "value": "CWE-665"
{ }
"name" : "USN-3762-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3762-1/" ]
}, },
{ "references": {
"name" : "USN-3762-2", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3762-2/" "name": "RHSA-2018:3083",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:3083"
} },
} {
"name": "USN-3762-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3762-1/"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3762-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3762-2/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118"
}
]
}
}

210
2018/1xxx/CVE-2018-1711.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-18T00:00:00", "DATE_PUBLIC": "2018-09-18T00:00:00",
"ID" : "CVE-2018-1711", "ID": "CVE-2018-1711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DB2 for Linux, UNIX and Windows", "product_name": "DB2 for Linux, UNIX and Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.5" "version_value": "10.5"
}, },
{ {
"version_value" : "10.1" "version_value": "10.1"
}, },
{ {
"version_value" : "9.7" "version_value": "9.7"
}, },
{ {
"version_value" : "11.1" "version_value": "11.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "H",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "8.400",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729983", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729983" "lang": "eng",
}, "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369."
{ }
"name" : "105390", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105390" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "1042175", "A": "H",
"refsource" : "SECTRACK", "AC": "L",
"url" : "http://www.securitytracker.com/id/1042175" "AV": "L",
}, "C": "H",
{ "I": "H",
"name" : "ibm-db2-cve20181711-priv-escalation(146369)", "PR": "N",
"refsource" : "XF", "S": "U",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369" "SCORE": "8.400",
} "UI": "N"
] },
} "TM": {
} "E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105390"
},
{
"name": "1042175",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042175"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729983",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729983"
},
{
"name": "ibm-db2-cve20181711-priv-escalation(146369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/146369"
}
]
}
}

120
2018/5xxx/CVE-2018-5495.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@netapp.com", "ASSIGNER": "security-alert@netapp.com",
"ID" : "CVE-2018-5495", "ID": "CVE-2018-5495",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "StorageGRID Webscale", "product_name": "StorageGRID Webscale",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetApp" "vendor_name": "NetApp"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security.netapp.com/advisory/ntap-20181114-0001/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20181114-0001/" "lang": "eng",
} "value": "All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20181114-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181114-0001/"
}
]
}
}

120
2018/5xxx/CVE-2018-5763.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5763", "ID": "CVE-2018-5763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://oxidforge.org/en/security-bulletin-2018-001.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://oxidforge.org/en/security-bulletin-2018-001.html" "lang": "eng",
} "value": "An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://oxidforge.org/en/security-bulletin-2018-001.html",
"refsource": "CONFIRM",
"url": "https://oxidforge.org/en/security-bulletin-2018-001.html"
}
]
}
}