admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:55:22 +00:00
parent 22fce5788a
commit ec150d38aa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4011 additions and 4013 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

230
2008/0xxx/CVE-2008-0081.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-0081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02320",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name" : "SSRT080028",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name" : "MS08-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
},
{
"name" : "947563",
"refsource" : "MSKB",
"url" : "http://www.microsoft.com/technet/security/advisory/947563.mspx"
},
{
"name" : "TA08-071A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
},
{
"name" : "27305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27305"
},
{
"name" : "ADV-2008-0146",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0146"
},
{
"name" : "ADV-2008-0846",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0846/references"
},
{
"name" : "oval:org.mitre.oval:def:5546",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
},
{
"name" : "1019200",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019200"
},
{
"name" : "28506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28506"
},
{
"name" : "microsoft-excel-unspecified-code-execution(39699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka \"Macro Validation Vulnerability,\" a different vulnerability than CVE-2007-3490."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019200",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019200"
},
{
"name": "oval:org.mitre.oval:def:5546",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5546"
},
{
"name": "microsoft-excel-unspecified-code-execution(39699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39699"
},
{
"name": "TA08-071A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"
},
{
"name": "947563",
"refsource": "MSKB",
"url": "http://www.microsoft.com/technet/security/advisory/947563.mspx"
},
{
"name": "27305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27305"
},
{
"name": "MS08-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-014"
},
{
"name": "SSRT080028",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name": "HPSBST02320",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"
},
{
"name": "ADV-2008-0146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0146"
},
{
"name": "ADV-2008-0846",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0846/references"
},
{
"name": "28506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28506"
}
]
}
}

210
2008/0xxx/CVE-2008-0339.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name" : "TA08-017A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
},
{
"name" : "27229",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27229"
},
{
"name" : "ADV-2008-0150",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0150"
},
{
"name" : "ADV-2008-0180",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0180"
},
{
"name" : "1019218",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019218"
},
{
"name" : "28518",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28518"
},
{
"name" : "28556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28556"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019218",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019218"
},
{
"name": "27229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27229"
},
{
"name": "TA08-017A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
},
{
"name": "ADV-2008-0150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0150"
},
{
"name": "ADV-2008-0180",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0180"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name": "28556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28556"
},
{
"name": "28518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28518"
}
]
}
}

140
2008/0xxx/CVE-2008-0550.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/steamcazz-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/steamcazz-adv.txt"
},
{
"name" : "http://aluigi.org/poc/steamcazz.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/steamcazz.zip"
},
{
"name" : "steamcast-http-bo(39928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.org/poc/steamcazz.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/steamcazz.zip"
},
{
"name": "steamcast-http-bo(39928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39928"
},
{
"name": "http://aluigi.altervista.org/adv/steamcazz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/steamcazz-adv.txt"
}
]
}
}

170
2008/0xxx/CVE-2008-0775.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with \"&#\", contain the desired script, and end with \";\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
},
{
"name" : "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
},
{
"name" : "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
},
{
"name" : "27727",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27727"
},
{
"name" : "28900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28900"
},
{
"name" : "3651",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with \"&#\", contain the desired script, and end with \";\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28900"
},
{
"name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
},
{
"name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
},
{
"name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
},
{
"name": "27727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27727"
},
{
"name": "3651",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3651"
}
]
}
}

240
2008/0xxx/CVE-2008-0932.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=433723",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=433723"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449"
},
{
"name" : "DSA-1508",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1508"
},
{
"name" : "FEDORA-2008-1922",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html"
},
{
"name" : "FEDORA-2008-1951",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html"
},
{
"name" : "GLSA-200803-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-06.xml"
},
{
"name" : "27987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27987"
},
{
"name" : "27874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27874"
},
{
"name" : "ADV-2008-0670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0670/references"
},
{
"name" : "29012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29012"
},
{
"name" : "25400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25400"
},
{
"name" : "29115",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29115"
},
{
"name" : "29181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-1922",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00769.html"
},
{
"name": "FEDORA-2008-1951",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00806.html"
},
{
"name": "DSA-1508",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1508"
},
{
"name": "27874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27874"
},
{
"name": "29012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29012"
},
{
"name": "29115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29115"
},
{
"name": "ADV-2008-0670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0670/references"
},
{
"name": "GLSA-200803-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-06.xml"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449"
},
{
"name": "29181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29181"
},
{
"name": "25400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25400"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=433723",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433723"
},
{
"name": "27987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27987"
}
]
}
}

260
2008/1xxx/CVE-2008-1996.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080408 licq remote DoS?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490563"
},
{
"name" : "20080410 Re: Re: licq remote DoS?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490717"
},
{
"name" : "20080410 Re: licq remote DoS?",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2008/Apr/0100.html"
},
{
"name" : "[oss-security] 20080425 CVE request: licq denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/04/25/1"
},
{
"name" : "http://www.licq.org/changeset/6146",
"refsource" : "CONFIRM",
"url" : "http://www.licq.org/changeset/6146"
},
{
"name" : "http://www.licq.org/ticket/1623",
"refsource" : "CONFIRM",
"url" : "http://www.licq.org/ticket/1623"
},
{
"name" : "FEDORA-2008-3812",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00186.html"
},
{
"name" : "MDVSA-2008:159",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:159"
},
{
"name" : "SUSE-SR:2008:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name" : "28679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28679"
},
{
"name" : "ADV-2008-1446",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1446/references"
},
{
"name" : "30055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30055"
},
{
"name" : "30236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30236"
},
{
"name" : "3851",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3851"
},
{
"name" : "licq-connections-dos(41732)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "licq-connections-dos(41732)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41732"
},
{
"name": "20080410 Re: Re: licq remote DoS?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490717"
},
{
"name": "3851",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3851"
},
{
"name": "20080408 licq remote DoS?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490563"
},
{
"name": "ADV-2008-1446",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1446/references"
},
{
"name": "28679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28679"
},
{
"name": "30055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30055"
},
{
"name": "FEDORA-2008-3812",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00186.html"
},
{
"name": "http://www.licq.org/ticket/1623",
"refsource": "CONFIRM",
"url": "http://www.licq.org/ticket/1623"
},
{
"name": "http://www.licq.org/changeset/6146",
"refsource": "CONFIRM",
"url": "http://www.licq.org/changeset/6146"
},
{
"name": "[oss-security] 20080425 CVE request: licq denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/04/25/1"
},
{
"name": "30236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30236"
},
{
"name": "20080410 Re: licq remote DoS?",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2008/Apr/0100.html"
},
{
"name": "MDVSA-2008:159",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:159"
}
]
}
}

34
2008/3xxx/CVE-2008-3002.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3002",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-3002",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}

140
2008/3xxx/CVE-2008-3026.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5984",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5984"
},
{
"name" : "30032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30032"
},
{
"name" : "sispletcms-index-sql-injection(43544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30032"
},
{
"name": "sispletcms-index-sql-injection(43544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43544"
},
{
"name": "5984",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5984"
}
]
}
}

160
2008/3xxx/CVE-2008-3169.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a \"coordinate normalization bug.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745",
"refsource" : "CONFIRM",
"url" : "http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111"
},
{
"name" : "30152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30152"
},
{
"name" : "30954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30954"
},
{
"name" : "empireserver-unspecified-bo(43655)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a \"coordinate normalization bug.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "empireserver-unspecified-bo(43655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43655"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111"
},
{
"name": "http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745"
},
{
"name": "30954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30954"
},
{
"name": "30152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30152"
}
]
}
}

170
2008/3xxx/CVE-2008-3253.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX117814",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX117814"
},
{
"name" : "30265",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30265"
},
{
"name" : "ADV-2008-2117",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2117/references"
},
{
"name" : "1020515",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020515"
},
{
"name" : "31133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31133"
},
{
"name" : "citrix-xenserver-xenapihttp-xss(43857)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-xenserver-xenapihttp-xss(43857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43857"
},
{
"name": "http://support.citrix.com/article/CTX117814",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX117814"
},
{
"name": "1020515",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020515"
},
{
"name": "30265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30265"
},
{
"name": "31133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31133"
},
{
"name": "ADV-2008-2117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2117/references"
}
]
}
}

210
2008/3xxx/CVE-2008-3928.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3928",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://uvw.ru/report.lenny.txt",
"refsource" : "MISC",
"url" : "http://uvw.ru/report.lenny.txt"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/honeyd-common",
"refsource" : "CONFIRM",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/honeyd-common"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name" : "GLSA-200812-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-12.xml"
},
{
"name" : "30874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30874"
},
{
"name" : "31658",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31658"
},
{
"name" : "33141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33141"
},
{
"name" : "honeyd-test-symlink(44735)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44735"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31658"
},
{
"name": "GLSA-200812-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-12.xml"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/honeyd-common",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/honeyd-common"
},
{
"name": "33141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33141"
},
{
"name": "30874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30874"
},
{
"name": "honeyd-test-symlink(44735)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44735"
}
]
}
}

160
2008/4xxx/CVE-2008-4781.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6850",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6850"
},
{
"name" : "31942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31942"
},
{
"name" : "32432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32432"
},
{
"name" : "ADV-2008-2941",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2941"
},
{
"name" : "4526",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6850",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6850"
},
{
"name": "32432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32432"
},
{
"name": "4526",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4526"
},
{
"name": "31942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31942"
},
{
"name": "ADV-2008-2941",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2941"
}
]
}
}

250
2008/4xxx/CVE-2008-4814.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124",
"refsource" : "MISC",
"url" : "http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name" : "RHSA-2008:0974",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
},
{
"name" : "249366",
"refsource" : "SUNALERT",
"url" : "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name" : "SUSE-SR:2008:026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name" : "TA08-309A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name" : "32100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32100"
},
{
"name" : "1021140",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021140"
},
{
"name" : "ADV-2008-3001",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name" : "ADV-2009-0098",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name" : "32872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32872"
},
{
"name" : "32700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32700"
},
{
"name" : "adobe-javascript-code-execution1(46334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an \"input validation issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32700"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "32100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32100"
},
{
"name": "249366",
"refsource": "SUNALERT",
"url": "http://download.oracle.com/sunalerts/1019937.1.html"
},
{
"name": "32872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32872"
},
{
"name": "adobe-javascript-code-execution1(46334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46334"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-19.html"
},
{
"name": "ADV-2009-0098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0098"
},
{
"name": "TA08-309A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-309A.html"
},
{
"name": "1021140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021140"
},
{
"name": "ADV-2008-3001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3001"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124",
"refsource": "MISC",
"url": "http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124"
},
{
"name": "RHSA-2008:0974",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0974.html"
}
]
}
}

150
2008/7xxx/CVE-2008-7099.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6312",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6312"
},
{
"name" : "48342",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48342"
},
{
"name" : "31548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31548"
},
{
"name" : "krp-manage-templates-code-execution(52924)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48342",
"refsource": "OSVDB",
"url": "http://osvdb.org/48342"
},
{
"name": "krp-manage-templates-code-execution(52924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52924"
},
{
"name": "6312",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6312"
},
{
"name": "31548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31548"
}
]
}
}

160
2013/2xxx/CVE-2013-2155.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130617 CVE-2013-2155: Apache Santuario C++ denial of service vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0142.html"
},
{
"name" : "http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h",
"refsource" : "MISC",
"url" : "http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h"
},
{
"name" : "http://santuario.apache.org/secadv.data/CVE-2013-2155.txt",
"refsource" : "CONFIRM",
"url" : "http://santuario.apache.org/secadv.data/CVE-2013-2155.txt"
},
{
"name" : "https://www.tenable.com/security/tns-2018-15",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2018-15"
},
{
"name" : "DSA-2710",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h"
},
{
"name": "DSA-2710",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2710"
},
{
"name": "https://www.tenable.com/security/tns-2018-15",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "http://santuario.apache.org/secadv.data/CVE-2013-2155.txt",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/CVE-2013-2155.txt"
},
{
"name": "20130617 CVE-2013-2155: Apache Santuario C++ denial of service vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0142.html"
}
]
}
}

170
2013/2xxx/CVE-2013-2190.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has \"disappeared,\" which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130618 Re: CVE request: gnome-shell crash, screen unlock on resume",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/19/1"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=701974",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=701974"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=980111",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=980111"
},
{
"name" : "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e",
"refsource" : "CONFIRM",
"url" : "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e"
},
{
"name" : "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab",
"refsource" : "CONFIRM",
"url" : "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab"
},
{
"name" : "openSUSE-SU-2013:1540",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has \"disappeared,\" which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e"
},
{
"name": "[oss-security] 20130618 Re: CVE request: gnome-shell crash, screen unlock on resume",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=980111",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=980111"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=701974",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=701974"
},
{
"name": "openSUSE-SU-2013:1540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html"
},
{
"name": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab"
}
]
}
}

440
2013/2xxx/CVE-2013-2420.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2420",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient \"validation of images\" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
},
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952638",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952638"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name" : "APPLE-SA-2013-04-16-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02889",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name" : "SSRT101252",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name" : "HPSBUX02922",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name" : "SSRT101305",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name" : "MDVSA-2013:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
},
{
"name" : "MDVSA-2013:161",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name" : "RHSA-2013:0752",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name" : "RHSA-2013:0757",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name" : "RHSA-2013:0758",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "SUSE-SU-2013:0814",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0777",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
},
{
"name" : "SUSE-SU-2013:0835",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
},
{
"name" : "SUSE-SU-2013:0871",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
},
{
"name" : "SUSE-SU-2013:0934",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name" : "USN-1806-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name" : "TA13-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name" : "59167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59167"
},
{
"name" : "oval:org.mitre.oval:def:16597",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16597"
},
{
"name" : "oval:org.mitre.oval:def:19354",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19354"
},
{
"name" : "oval:org.mitre.oval:def:19704",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient \"validation of images\" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8"
},
{
"name": "SUSE-SU-2013:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952638",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952638"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
},
{
"name": "SUSE-SU-2013:0871",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
},
{
"name": "RHSA-2013:0758",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
},
{
"name": "59167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59167"
},
{
"name": "APPLE-SA-2013-04-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
},
{
"name": "MDVSA-2013:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
},
{
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
},
{
"name": "SSRT101252",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "SSRT101305",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "HPSBUX02922",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
},
{
"name": "openSUSE-SU-2013:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
},
{
"name": "oval:org.mitre.oval:def:19354",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19354"
},
{
"name": "oval:org.mitre.oval:def:19704",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19704"
},
{
"name": "MDVSA-2013:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name": "openSUSE-SU-2013:0964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name": "RHSA-2013:0752",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name": "USN-1806-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name": "oval:org.mitre.oval:def:16597",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16597"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "SUSE-SU-2013:0814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name": "SUSE-SU-2013:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
},
{
"name": "HPSBUX02889",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
}
]
}
}

210
2013/2xxx/CVE-2013-2546.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name" : "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name" : "MDVSA-2013:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name" : "openSUSE-SU-2013:1971",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name" : "USN-1793-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name" : "USN-1794-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name" : "USN-1795-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"name" : "USN-1796-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"name" : "USN-1797-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1797-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1796-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"name": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
]
}
}

34
2013/2xxx/CVE-2013-2947.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2947",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2947",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2013/3xxx/CVE-2013-3157.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka \"Access Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3155."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-074",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074"
},
{
"name" : "TA13-253A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"name" : "oval:org.mitre.oval:def:18664",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka \"Access Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3155."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"name": "oval:org.mitre.oval:def:18664",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18664"
}
]
}
}

210
2013/3xxx/CVE-2013-3475.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21639194",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21639194"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21639355",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21639355"
},
{
"name" : "IC92463",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463"
},
{
"name" : "IC92495",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495"
},
{
"name" : "IC92496",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496"
},
{
"name" : "IC92498",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498"
},
{
"name" : "60255",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60255"
},
{
"name" : "52663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52663"
},
{
"name" : "53704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53704"
},
{
"name" : "ibm-db2-cve20133475-bo(84358)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC92495",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92495"
},
{
"name": "IC92496",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92496"
},
{
"name": "IC92463",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92463"
},
{
"name": "ibm-db2-cve20133475-bo(84358)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84358"
},
{
"name": "53704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53704"
},
{
"name": "60255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60255"
},
{
"name": "IC92498",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC92498"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639355"
},
{
"name": "52663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52663"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21639194"
}
]
}
}

34
2013/6xxx/CVE-2013-6298.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6298",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6298",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/6xxx/CVE-2013-6519.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6519",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6519",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

140
2013/6xxx/CVE-2013-6720.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32546",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32546"
},
{
"name" : "https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a",
"refsource" : "CONFIRM",
"url" : "https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a"
},
{
"name" : "ibm-tealeaf-cve20136720-lfi(89229)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89229"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32546",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32546"
},
{
"name": "https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a",
"refsource": "CONFIRM",
"url": "https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a"
},
{
"name": "ibm-tealeaf-cve20136720-lfi(89229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89229"
}
]
}
}

150
2013/6xxx/CVE-2013-6908.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6908",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource" : "MISC",
"url" : "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name" : "https://support.cybozu.com/ja-jp/article/5870",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/5870"
},
{
"name" : "JVN#23981867",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"name" : "JVNDB-2013-000113",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "https://support.cybozu.com/ja-jp/article/5870",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/5870"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}

170
2013/7xxx/CVE-2013-7224.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131224 Happy Holidays / Xmas Advisory",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Dec/199"
},
{
"name" : "[oss-security] 20131228 Re: CVE request: Fat Free CRM multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/12/28/2"
},
{
"name" : "http://www.phenoelit.org/stuff/ffcrm.txt",
"refsource" : "MISC",
"url" : "http://www.phenoelit.org/stuff/ffcrm.txt"
},
{
"name" : "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328",
"refsource" : "CONFIRM",
"url" : "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328"
},
{
"name" : "https://github.com/fatfreecrm/fat_free_crm/issues/300",
"refsource" : "CONFIRM",
"url" : "https://github.com/fatfreecrm/fat_free_crm/issues/300"
},
{
"name" : "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29",
"refsource" : "CONFIRM",
"url" : "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131224 Happy Holidays / Xmas Advisory",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/199"
},
{
"name": "[oss-security] 20131228 Re: CVE request: Fat Free CRM multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/28/2"
},
{
"name": "http://www.phenoelit.org/stuff/ffcrm.txt",
"refsource": "MISC",
"url": "http://www.phenoelit.org/stuff/ffcrm.txt"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/commit/cf26a04b356ad2161c4c6160260eb870a3de5328"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/issues/300",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/issues/300"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29"
}
]
}
}

34
2013/7xxx/CVE-2013-7351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/10xxx/CVE-2017-10669.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jun/44",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jun/44"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/44",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jun/44"
}
]
}
}

120
2017/10xxx/CVE-2017-10674.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.csdn.net/wdone/article/details/73958872",
"refsource" : "MISC",
"url" : "http://blog.csdn.net/wdone/article/details/73958872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.csdn.net/wdone/article/details/73958872",
"refsource": "MISC",
"url": "http://blog.csdn.net/wdone/article/details/73958872"
}
]
}
}

120
2017/10xxx/CVE-2017-10753.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
}
]
}
}

310
2017/10xxx/CVE-2017-10850.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name" : "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name" : "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name" : "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name" : "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name" : "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name" : "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name" : "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name" : "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
},
{
"product_name" : "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version" : {
"version_data" : [
{
"version_value" : "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
}
]
},
"vendor_name" : "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:04 UTC"
}
]
}
},
{
"product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name": "Installer of PostScript? Driver + Additional Feature Plug-in + PPD File for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 12 Apr 2017 02:10 UTC"
}
]
}
},
{
"product_name": "Installer of XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name": "Installer of XPS Print Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 3 Nov 2017 23:48 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name": "Installer of ART EX Direct FAX Driver for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 26 May 2017 07:44 UTC"
}
]
}
},
{
"product_name": "Installer of Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
},
{
"product_name": "Installer of Setting Restore Tool for DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271",
"version": {
"version_data": [
{
"version_value": "Timestamp of code signing is before 25 Aug 2015 08:51 UTC"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
},
{
"name" : "JVN#09769017",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN09769017/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}

120
2017/14xxx/CVE-2017-14049.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_xss/blackcat_cms_xss.md",
"refsource" : "MISC",
"url" : "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_xss/blackcat_cms_xss.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_xss/blackcat_cms_xss.md",
"refsource": "MISC",
"url": "https://github.com/M4ple/vulnerability/blob/master/blackcat_cms_xss/blackcat_cms_xss.md"
}
]
}
}

120
2017/14xxx/CVE-2017-14648.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/"
}
]
}
}

132
2017/14xxx/CVE-2017-14914.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-14914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Storage"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-14914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "102072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Storage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102072"
}
]
}
}

180
2017/17xxx/CVE-2017-17090.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43992",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43992/"
},
{
"name" : "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name" : "http://downloads.digium.com/pub/security/AST-2017-013.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.digium.com/pub/security/AST-2017-013.html"
},
{
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-27452",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name" : "DSA-4076",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4076"
},
{
"name" : "102023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102023"
},
{
"name" : "1039948",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039948"
},
{
"name": "43992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43992/"
},
{
"name": "102023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102023"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-27452",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-27452"
},
{
"name": "[debian-lts-announce] 20171230 [SECURITY] [DLA 1225-1] asterisk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"
},
{
"name": "DSA-4076",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4076"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2017-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2017-013.html"
}
]
}
}

34
2017/17xxx/CVE-2017-17389.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17389",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17389",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/17xxx/CVE-2017-17418.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-17418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Quest NetVault Backup",
"version" : {
"version_data" : [
{
"version_value" : "11.3.0.12"
}
]
}
}
]
},
"vendor_name" : "Quest"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-17418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quest NetVault Backup",
"version": {
"version_data": [
{
"version_value": "11.3.0.12"
}
]
}
}
]
},
"vendor_name": "Quest"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-983",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-983",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-983"
}
]
}
}

140
2017/9xxx/CVE-2017-9232.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44023",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44023/"
},
{
"name" : "https://bugs.launchpad.net/juju/+bug/1682411",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/juju/+bug/1682411"
},
{
"name" : "98737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98737"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/juju/+bug/1682411",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/juju/+bug/1682411"
},
{
"name": "44023",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44023/"
},
{
"name": "98737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98737"
}
]
}
}

150
2017/9xxx/CVE-2017-9430.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42115",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42115/"
},
{
"name" : "42424",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42424/"
},
{
"name" : "https://cxsecurity.com/issue/WLB-2017060030",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2017060030"
},
{
"name" : "https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42115/"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017060030",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017060030"
},
{
"name": "42424",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42424/"
},
{
"name": "https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html"
}
]
}
}

120
2017/9xxx/CVE-2017-9704.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-9704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Camera"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-9704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, There is no synchronization between msm_vb2 buffer operations which can lead to use after free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"
}
]
}
}

140
2017/9xxx/CVE-2017-9853.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides \"a very high security standard.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://horusscenario.com/CVE-information/",
"refsource" : "MISC",
"url" : "https://horusscenario.com/CVE-information/"
},
{
"name" : "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource" : "MISC",
"url" : "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource" : "MISC",
"url" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides \"a very high security standard.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}

34
2018/0xxx/CVE-2018-0168.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0168",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0168",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/0xxx/CVE-2018-0568.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Joruri Gw",
"version" : {
"version_data" : [
{
"version_value" : "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "SiteBridge Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Gw",
"version": {
"version_data": [
{
"version_value": "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt",
"refsource" : "MISC",
"url" : "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name" : "JVN#95589314",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN95589314/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt",
"refsource": "MISC",
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
]
}
}

152
2018/0xxx/CVE-2018-0772.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2018-0772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge, Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2018-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge, Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0772",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0772"
},
{
"name" : "102409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102409"
},
{
"name" : "1040099",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040099"
},
{
"name" : "1040100",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040100"
},
{
"name": "102409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102409"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0772",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0772"
},
{
"name": "1040099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040099"
}
]
}
}

36
2018/1000xxx/CVE-2018-1000065.json
View File

@ -1,20 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-02-11",
"ID" : "CVE-2018-1000065",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5381. Reason: This candidate is a reservation duplicate of CVE-2018-5381. Notes: All CVE users should reference CVE-2018-5381 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1000065",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5381. Reason: This candidate is a reservation duplicate of CVE-2018-5381. Notes: All CVE users should reference CVE-2018-5381 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

124
2018/1000xxx/CVE-2018-1000080.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "1/29/2018 10:45:25",
"ID" : "CVE-2018-1000080",
"REQUESTER" : "etoledano@stone.com.br",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ajenti",
"version" : {
"version_data" : [
{
"version_value" : "version 2"
}
]
}
}
]
},
"vendor_name" : "Ajenti"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Permissions"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "1/29/2018 10:45:25",
"ID": "CVE-2018-1000080",
"REQUESTER": "etoledano@stone.com.br",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee",
"refsource" : "MISC",
"url" : "https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee",
"refsource": "MISC",
"url": "https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee"
}
]
}
}

170
2018/16xxx/CVE-2018-16857.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-16857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "samba",
"version" : {
"version_data" : [
{
"version_value" : "4.9.3"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-358"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "4.9.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2018-16857.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2018-16857.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181127-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181127-0001/"
},
{
"name" : "106024",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20181127-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181127-0001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857"
},
{
"name": "106024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106024"
},
{
"name": "https://www.samba.org/samba/security/CVE-2018-16857.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2018-16857.html"
}
]
}
}

120
2018/19xxx/CVE-2018-19040.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45809",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45809/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45809",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45809/"
}
]
}
}

130
2018/19xxx/CVE-2018-19278.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://downloads.asterisk.org/pub/security/AST-2018-010.html",
"refsource" : "MISC",
"url" : "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-28127",
"refsource" : "MISC",
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.asterisk.org/pub/security/AST-2018-010.html",
"refsource": "MISC",
"url": "https://downloads.asterisk.org/pub/security/AST-2018-010.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-28127",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-28127"
}
]
}
}

140
2018/19xxx/CVE-2018-19414.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181204 Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/8"
},
{
"name" : "http://packetstormsecurity.com/files/150657/Plikli-4.0.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150657/Plikli-4.0.0-Cross-Site-Scripting.html"
},
{
"name" : "https://www.netsparker.com/web-applications-advisories/ns-18-030-cross-site-scripting-in-plikli/",
"refsource" : "MISC",
"url" : "https://www.netsparker.com/web-applications-advisories/ns-18-030-cross-site-scripting-in-plikli/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181204 Multiple Cross-site Scripting and Blind SQL Injection Vulnerabilities in Plikli 4.0.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/8"
},
{
"name": "https://www.netsparker.com/web-applications-advisories/ns-18-030-cross-site-scripting-in-plikli/",
"refsource": "MISC",
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-030-cross-site-scripting-in-plikli/"
},
{
"name": "http://packetstormsecurity.com/files/150657/Plikli-4.0.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150657/Plikli-4.0.0-Cross-Site-Scripting.html"
}
]
}
}

210
2018/19xxx/CVE-2018-19476.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=700169",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=700169"
},
{
"name" : "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26",
"refsource" : "MISC",
"url" : "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"
},
{
"name" : "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf",
"refsource" : "MISC",
"url" : "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf"
},
{
"name" : "DSA-4346",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4346"
},
{
"name" : "RHSA-2019:0229",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0229"
},
{
"name" : "USN-3831-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3831-1/"
},
{
"name" : "106154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106154"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4346",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4346"
},
{
"name": "RHSA-2019:0229",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0229"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=700169",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700169"
},
{
"name": "USN-3831-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3831-1/"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16"
},
{
"name": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf",
"refsource": "MISC",
"url": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a"
},
{
"name": "106154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106154"
},
{
"name": "[debian-lts-announce] 20181128 [SECURITY] [DLA 1598-1] ghostscript security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html"
},
{
"name": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26",
"refsource": "MISC",
"url": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"
}
]
}
}

160
2018/1xxx/CVE-2018-1438.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-1438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283"
},
{
"name" : "104349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104349"
},
{
"name" : "ibm-storwize-cve20181438-info-disc(139566)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM X-Force ID: 139566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-storwize-cve20181438-info-disc(139566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139566"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012282"
},
{
"name": "104349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104349"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012263"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1012283"
}
]
}
}

34
2018/1xxx/CVE-2018-1960.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1960",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1960",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4801.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4801",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4801",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4804.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4804",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4804",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/4xxx/CVE-2018-4891.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4891",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name" : "102996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102996"
},
{
"name" : "1040364",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102996"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
}
]
}
}