admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:57:46 +00:00
parent 5f20e339e5
commit ee3294b745
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3954 additions and 3954 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

230
2008/0xxx/CVE-2008-0035.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0035", "ID": "CVE-2008-0035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=307430", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=307430" "lang": "eng",
}, "value": "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari."
{ }
"name" : "APPLE-SA-2008-01-15", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2008-02-11", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://docs.info.apple.com/article.html?artnum=307302", ]
"refsource" : "CONFIRM", }
"url" : "http://docs.info.apple.com/article.html?artnum=307302" ]
}, },
{ "references": {
"name" : "TA08-043B", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-043B.html" "name": "http://docs.info.apple.com/article.html?artnum=307430",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=307430"
"name" : "27296", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27296" "name": "28891",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28891"
"name" : "ADV-2008-0147", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0147" "name": "27296",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27296"
"name" : "ADV-2008-0495", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0495/references" "name": "http://docs.info.apple.com/article.html?artnum=307302",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=307302"
"name" : "1019220", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019220" "name": "ADV-2008-0495",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0495/references"
"name" : "28497", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28497" "name": "iphone-ipod-foundation-code-execution(39700)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700"
"name" : "28891", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28891" "name": "28497",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28497"
"name" : "iphone-ipod-foundation-code-execution(39700)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700" "name": "TA08-043B",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
} },
} {
"name": "APPLE-SA-2008-01-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2008-02-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"name": "1019220",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019220"
},
{
"name": "ADV-2008-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0147"
}
]
}
}

210
2008/0xxx/CVE-2008-0106.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-0106", "ID": "CVE-2008-0106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/494082/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement."
{ }
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" ]
}, },
{ "references": {
"name" : "MS08-040", "reference_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040" "name": "1020441",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020441"
"name" : "TA08-190A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" "name": "30970",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30970"
"name" : "oval:org.mitre.oval:def:13785", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785" "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
"name" : "ADV-2008-2022", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2022/references" "name": "ADV-2008-2022",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2022/references"
"name" : "1020441", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020441" "name": "MS08-040",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040"
"name" : "30970", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30970" "name": "20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/494082/100/0/threaded"
} },
} {
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:13785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13785"
}
]
}
}

160
2008/0xxx/CVE-2008-0640.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0640", "ID": "CVE-2008-0640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/avcenter/security/Content/2008.02.07.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/avcenter/security/Content/2008.02.07.html" "lang": "eng",
}, "value": "Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing."
{ }
"name" : "27644", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27644" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0474", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0474" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1019356", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1019356" ]
}, },
{ "references": {
"name" : "28853", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28853" "name": "28853",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/28853"
} },
} {
"name": "ADV-2008-0474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0474"
},
{
"name": "1019356",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019356"
},
{
"name": "27644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27644"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.07.html"
}
]
}
}

160
2008/0xxx/CVE-2008-0797.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0797", "ID": "CVE-2008-0797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://en.wikipedia.org/wiki/Talk:Itheora", "description_data": [
"refsource" : "MISC", {
"url" : "http://en.wikipedia.org/wiki/Talk:Itheora" "lang": "eng",
}, "value": "Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter."
{ }
"name" : "http://menguy.aymeric.free.fr/theora/news.php", ]
"refsource" : "CONFIRM", },
"url" : "http://menguy.aymeric.free.fr/theora/news.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27788", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27788" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28929", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28929" ]
}, },
{ "references": {
"name" : "itheora-download-directory-traversal(40506)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40506" "name": "itheora-download-directory-traversal(40506)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40506"
} },
} {
"name": "28929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28929"
},
{
"name": "27788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27788"
},
{
"name": "http://menguy.aymeric.free.fr/theora/news.php",
"refsource": "CONFIRM",
"url": "http://menguy.aymeric.free.fr/theora/news.php"
},
{
"name": "http://en.wikipedia.org/wiki/Talk:Itheora",
"refsource": "MISC",
"url": "http://en.wikipedia.org/wiki/Talk:Itheora"
}
]
}
}

34
2008/0xxx/CVE-2008-0970.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0970", "ID": "CVE-2008-0970",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

340
2008/1xxx/CVE-2008-1072.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1072", "ID": "CVE-2008-1072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080229 rPSA-2008-0092-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488967/100/0/threaded" "lang": "eng",
}, "value": "The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://issues.rpath.com/browse/RPL-2296", ]
"refsource" : "CONFIRM", }
"url" : "https://issues.rpath.com/browse/RPL-2296" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" "name": "GLSA-200803-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200803-32.xml"
"name" : "FEDORA-2008-2941", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html" "name": "RHSA-2008:0890",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html"
"name" : "FEDORA-2008-3040", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html" "name": "http://www.wireshark.org/security/wnpa-sec-2008-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2008-01.html"
"name" : "GLSA-200803-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200803-32.xml" "name": "FEDORA-2008-3040",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html"
"name" : "MDVSA-2008:057", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057" "name": "29188",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29188"
"name" : "RHSA-2008:0890", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" "name": "oval:org.mitre.oval:def:10188",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188"
"name" : "SUSE-SR:2008:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" "name": "29242",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29242"
"name" : "28025", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28025" "name": "29511",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29511"
"name" : "oval:org.mitre.oval:def:10188", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188" "name": "SUSE-SR:2008:005",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
"name" : "ADV-2008-0704", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0704" "name": "20080229 rPSA-2008-0092-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/488967/100/0/threaded"
"name" : "ADV-2008-2773", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2773" "name": "1019515",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019515"
"name" : "1019515", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019515" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092"
"name" : "29156", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29156" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm"
"name" : "29188", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29188" "name": "32091",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32091"
"name" : "29223", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29223" "name": "29736",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29736"
"name" : "29242", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29242" "name": "ADV-2008-2773",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2773"
"name" : "29511", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29511" "name": "https://issues.rpath.com/browse/RPL-2296",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2296"
"name" : "29736", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29736" "name": "ADV-2008-0704",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0704"
"name" : "32091", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32091" "name": "28025",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/28025"
} },
} {
"name": "MDVSA-2008:057",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:057"
},
{
"name": "29156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29156"
},
{
"name": "FEDORA-2008-2941",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html"
},
{
"name": "29223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29223"
}
]
}
}

170
2008/1xxx/CVE-2008-1350.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1350", "ID": "CVE-2008-1350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080312 Powered by phpBB 2001, 2006 (SQL)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489468/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action."
{ }
"name" : "5243", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5243" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28225", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28225" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29339", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29339" ]
}, },
{ "references": {
"name" : "3745", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3745" "name": "phpbb-kb-sql-injection(41192)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41192"
"name" : "phpbb-kb-sql-injection(41192)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41192" "name": "3745",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3745"
} },
} {
"name": "5243",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5243"
},
{
"name": "29339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29339"
},
{
"name": "28225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28225"
},
{
"name": "20080312 Powered by phpBB 2001, 2006 (SQL)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489468/100/0/threaded"
}
]
}
}

160
2008/1xxx/CVE-2008-1733.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1733", "ID": "CVE-2008-1733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080409 Pu Arcade component for Joomla - SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490626/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php."
{ }
"name" : "28701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44391", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/44391" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3807", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3807" ]
}, },
{ "references": {
"name" : "puarcade-gid-sql-injection(41726)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41726" "name": "puarcade-gid-sql-injection(41726)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41726"
} },
} {
"name": "20080409 Pu Arcade component for Joomla - SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490626/100/0/threaded"
},
{
"name": "3807",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3807"
},
{
"name": "28701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28701"
},
{
"name": "44391",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44391"
}
]
}
}

150
2008/1xxx/CVE-2008-1935.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1935", "ID": "CVE-2008-1935",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5488", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5488" "lang": "eng",
}, "value": "SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter."
{ }
"name" : "28900", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28900" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1346", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1346/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "filiale-index-sql-injection(41980)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41980" ]
} },
] "references": {
} "reference_data": [
} {
"name": "28900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28900"
},
{
"name": "ADV-2008-1346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1346/references"
},
{
"name": "filiale-index-sql-injection(41980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41980"
},
{
"name": "5488",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5488"
}
]
}
}

330
2008/3xxx/CVE-2008-3834.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3834", "ID": "CVE-2008-3834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7822", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7822" "lang": "eng",
}, "value": "The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error."
{ }
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=17803", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=17803" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a", ]
"refsource" : "CONFIRM", }
"url" : "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a" ]
}, },
{ "references": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" "name": "MDVSA-2008:213",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213"
"name" : "DSA-1658", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1658" "name": "DSA-1658",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1658"
"name" : "FEDORA-2008-8764", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html" "name": "31602",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31602"
"name" : "MDVSA-2008:213", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:213" "name": "openSUSE-SU-2012:1418",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html"
"name" : "RHSA-2009:0008", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0008.html" "name": "https://bugs.freedesktop.org/show_bug.cgi?id=17803",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.freedesktop.org/show_bug.cgi?id=17803"
"name" : "SUSE-SR:2008:027", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" "name": "1021063",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021063"
"name" : "openSUSE-SU-2012:1418", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00094.html" "name": "dbus-dbusvalidatesignaturewithreason-dos(45701)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701"
"name" : "USN-653-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-653-1" "name": "7822",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/7822"
"name" : "31602", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31602" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834"
"name" : "oval:org.mitre.oval:def:10253", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253" "name": "32385",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32385"
"name" : "ADV-2008-2762", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2762" "name": "SUSE-SR:2008:027",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
"name" : "1021063", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021063" "name": "32281",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32281"
"name" : "32127", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32127" "name": "FEDORA-2008-8764",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00298.html"
"name" : "32281", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32281" "name": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a",
}, "refsource": "CONFIRM",
{ "url": "http://www.freedesktop.org/wiki/Software/dbus#head-dad0dab297a44f1d7a3b1259cfc06b583fd6a88a"
"name" : "32385", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32385" "name": "32230",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32230"
"name" : "32230", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32230" "name": "oval:org.mitre.oval:def:10253",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10253"
"name" : "33396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33396" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
}, "refsource": "CONFIRM",
{ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
"name" : "dbus-dbusvalidatesignaturewithreason-dos(45701)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45701" "name": "ADV-2008-2762",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2762"
} },
} {
"name": "33396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33396"
},
{
"name": "32127",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32127"
},
{
"name": "RHSA-2009:0008",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0008.html"
},
{
"name": "USN-653-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-653-1"
}
]
}
}

270
2008/4xxx/CVE-2008-4199.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4199", "ID": "CVE-2008-4199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving \"detection of JavaScript events and appropriate manipulation.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20080919 CVE request: Opera < 9.52 multiple vulnerabilities", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/09/19/2" "lang": "eng",
}, "value": "Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving \"detection of JavaScript events and appropriate manipulation.\""
{ }
"name" : "[oss-security] 20080923 Re: CVE request: Opera < 9.52 multiple vulnerabilities", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/09/24/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=235298", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=235298" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.opera.com/docs/changelogs/freebsd/952/", ]
"refsource" : "CONFIRM", }
"url" : "http://www.opera.com/docs/changelogs/freebsd/952/" ]
}, },
{ "references": {
"name" : "http://www.opera.com/docs/changelogs/linux/952/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/linux/952/" "name": "ADV-2008-2416",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2416"
"name" : "http://www.opera.com/docs/changelogs/mac/952/", },
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/952/" "name": "http://www.opera.com/support/search/view/896/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/support/search/view/896/"
"name" : "http://www.opera.com/docs/changelogs/solaris/952/", },
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/solaris/952/" "name": "32538",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32538"
"name" : "http://www.opera.com/docs/changelogs/windows/952/", },
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/952/" "name": "http://www.opera.com/docs/changelogs/mac/952/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/docs/changelogs/mac/952/"
"name" : "http://www.opera.com/support/search/view/896/", },
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/support/search/view/896/" "name": "http://www.opera.com/docs/changelogs/solaris/952/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/docs/changelogs/solaris/952/"
"name" : "GLSA-200811-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200811-01.xml" "name": "opera-feedsource-info-disclosure(44557)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44557"
"name" : "30768", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30768" "name": "1020722",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020722"
"name" : "1020722", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020722" "name": "30768",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30768"
"name" : "32538", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32538" "name": "http://www.opera.com/docs/changelogs/windows/952/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/docs/changelogs/windows/952/"
"name" : "31549", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31549" "name": "http://www.opera.com/docs/changelogs/linux/952/",
}, "refsource": "CONFIRM",
{ "url": "http://www.opera.com/docs/changelogs/linux/952/"
"name" : "ADV-2008-2416", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2416" "name": "[oss-security] 20080923 Re: CVE request: Opera < 9.52 multiple vulnerabilities",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/09/24/4"
"name" : "opera-feedsource-info-disclosure(44557)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44557" "name": "[oss-security] 20080919 CVE request: Opera < 9.52 multiple vulnerabilities",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2008/09/19/2"
} },
} {
"name": "31549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31549"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=235298",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=235298"
},
{
"name": "http://www.opera.com/docs/changelogs/freebsd/952/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/freebsd/952/"
},
{
"name": "GLSA-200811-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-01.xml"
}
]
}
}

160
2008/4xxx/CVE-2008-4241.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4241", "ID": "CVE-2008-4241",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6536", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6536" "lang": "eng",
}, "value": "SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie."
{ }
"name" : "31333", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31333" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2651", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2651" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4316", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4316" ]
}, },
{ "references": {
"name" : "cjultraplus-sid-sql-injection(45458)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45458" "name": "6536",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6536"
} },
} {
"name": "31333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31333"
},
{
"name": "4316",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4316"
},
{
"name": "ADV-2008-2651",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2651"
},
{
"name": "cjultraplus-sid-sql-injection(45458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45458"
}
]
}
}

34
2008/4xxx/CVE-2008-4442.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4442", "ID": "CVE-2008-4442",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2008/5xxx/CVE-2008-5961.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5961", "ID": "CVE-2008-5961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "32650", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32650" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "33021", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/33021" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32650"
},
{
"name": "33021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33021"
}
]
}
}

170
2013/2xxx/CVE-2013-2037.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2037", "ID": "CVE-2013-2037",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130501 Re: CVE Request: httplib2 ssl cert incorrect error handling", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q2/257" "lang": "eng",
}, "value": "httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/httplib2/issues/detail?id=282", "description": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/httplib2/issues/detail?id=282" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.launchpad.net/httplib2/+bug/1175272", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.launchpad.net/httplib2/+bug/1175272" ]
}, },
{ "references": {
"name" : "USN-1948-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1948-1" "name": "https://bugs.launchpad.net/httplib2/+bug/1175272",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/httplib2/+bug/1175272"
"name" : "52179", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52179" "name": "[oss-security] 20130501 Re: CVE Request: httplib2 ssl cert incorrect error handling",
} "refsource": "MLIST",
] "url": "http://seclists.org/oss-sec/2013/q2/257"
} },
} {
"name": "http://code.google.com/p/httplib2/issues/detail?id=282",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/httplib2/issues/detail?id=282"
},
{
"name": "USN-1948-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1948-1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602"
},
{
"name": "52179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52179"
}
]
}
}

150
2013/2xxx/CVE-2013-2710.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2013-2710", "ID": "CVE-2013-2710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wordpress.org/plugins/contextual-related-posts/changelog/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/plugins/contextual-related-posts/changelog/" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors."
{ }
"name" : "59733", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/59733" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52960", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52960" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "contextual-cve20132710-unspecified-csrf(84100)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84100" ]
} },
] "references": {
} "reference_data": [
} {
"name": "contextual-cve20132710-unspecified-csrf(84100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84100"
},
{
"name": "59733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59733"
},
{
"name": "52960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52960"
},
{
"name": "http://wordpress.org/plugins/contextual-related-posts/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/contextual-related-posts/changelog/"
}
]
}
}

120
2013/2xxx/CVE-2013-2780.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-2780", "ID": "CVE-2013-2780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf" "lang": "eng",
} "value": "Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port)."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf"
}
]
}
}

200
2013/2xxx/CVE-2013-2925.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2925", "ID": "CVE-2013-2925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=292422", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=292422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/blink?revision=158146&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/blink?revision=158146&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2785", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2785" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1729", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html" "name": "https://code.google.com/p/chromium/issues/detail?id=292422",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=292422"
"name" : "openSUSE-SU-2013:1776", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html" "name": "openSUSE-SU-2014:0065",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name" : "openSUSE-SU-2013:1861", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" "name": "DSA-2785",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2785"
"name" : "openSUSE-SU-2014:0065", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" "name": "openSUSE-SU-2013:1776",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html"
"name" : "oval:org.mitre.oval:def:18866", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866" "name": "https://src.chromium.org/viewvc/blink?revision=158146&view=revision",
} "refsource": "CONFIRM",
] "url": "https://src.chromium.org/viewvc/blink?revision=158146&view=revision"
} },
} {
"name": "openSUSE-SU-2013:1729",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html"
},
{
"name": "oval:org.mitre.oval:def:18866",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18866"
},
{
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html"
}
]
}
}

130
2013/3xxx/CVE-2013-3068.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3068", "ID": "CVE-2013-3068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports."
{ }
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php", ]
"refsource" : "MISC", },
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php"
},
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php"
}
]
}
}

130
2013/3xxx/CVE-2013-3069.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3069", "ID": "CVE-2013-3069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
{ }
"name" : "92557", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/92557" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "92557",
"refsource": "OSVDB",
"url": "http://osvdb.org/92557"
}
]
}
}

34
2013/3xxx/CVE-2013-3104.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3104", "ID": "CVE-2013-3104",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/3xxx/CVE-2013-3640.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2013-3640", "ID": "CVE-2013-3640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#53579095", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN53579095/index.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVNDB-2013-000049", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#53579095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53579095/index.html"
},
{
"name": "JVNDB-2013-000049",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000049"
}
]
}
}

130
2013/4xxx/CVE-2013-4313.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4313", "ID": "CVE-2013-4313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676" "lang": "eng",
}, "value": "Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string."
{ }
"name" : "https://moodle.org/mod/forum/discuss.php?d=238396", ]
"refsource" : "CONFIRM", },
"url" : "https://moodle.org/mod/forum/discuss.php?d=238396" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=238396",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=238396"
}
]
}
}

34
2013/4xxx/CVE-2013-4374.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4374", "ID": "CVE-2013-4374",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/4xxx/CVE-2013-4607.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4607", "ID": "CVE-2013-4607",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/4xxx/CVE-2013-4841.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2013-4841", "ID": "CVE-2013-4841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02937", "description_data": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204" "lang": "eng",
}, "value": "Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509."
{ }
"name" : "SSRT100796", ]
"refsource" : "HP", },
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBST02937",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204"
},
{
"name": "SSRT100796",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204"
}
]
}
}

34
2013/6xxx/CVE-2013-6287.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6287", "ID": "CVE-2013-6287",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2013/6xxx/CVE-2013-6398.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6398", "ID": "CVE-2013-6398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual" "lang": "eng",
}, "value": "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request."
{ }
"name" : "https://issues.apache.org/jira/browse/CLOUDSTACK-5263", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/CLOUDSTACK-5263" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.citrix.com/article/CTX140989", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX140989" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69432", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/69432" ]
}, },
{ "references": {
"name" : "1030762", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030762" "name": "60284",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60284"
"name" : "55960", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55960" "name": "55960",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55960"
"name" : "60284", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60284" "name": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263",
} "refsource": "CONFIRM",
] "url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263"
} },
} {
"name": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual",
"refsource": "CONFIRM",
"url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual"
},
{
"name": "69432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69432"
},
{
"name": "1030762",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030762"
},
{
"name": "http://support.citrix.com/article/CTX140989",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140989"
}
]
}
}

170
2013/6xxx/CVE-2013-6882.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6882", "ID": "CVE-2013-6882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30396", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/30396" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields."
{ }
"name" : "20131212 Ditto Forensic FieldStation, multiple vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2013/Dec/80" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "100996", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/100996" ]
}, },
{ "references": {
"name" : "101000", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/101000" "name": "55989",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55989"
"name" : "55989", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55989" "name": "101000",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/101000"
} },
} {
"name": "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html"
},
{
"name": "20131212 Ditto Forensic FieldStation, multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/80"
},
{
"name": "30396",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30396"
},
{
"name": "100996",
"refsource": "OSVDB",
"url": "http://osvdb.org/100996"
}
]
}
}

170
2013/6xxx/CVE-2013-6964.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-6964", "ID": "CVE-2013-6964",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158" "lang": "eng",
}, "value": "Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197."
{ }
"name" : "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64280", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64280" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "100908", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/100908" ]
}, },
{ "references": {
"name" : "1029494", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029494" "name": "100908",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/100908"
"name" : "cisco-webex-cve20136964-sec-bypass(89690)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690" "name": "1029494",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1029494"
} },
} {
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32158"
},
{
"name": "20131212 Cisco WebEx Business Suite Site Access Control Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964"
},
{
"name": "cisco-webex-cve20136964-sec-bypass(89690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89690"
},
{
"name": "64280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64280"
}
]
}
}

160
2013/7xxx/CVE-2013-7288.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7288", "ID": "CVE-2013-7288",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs."
{ }
"name" : "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64570", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64570" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "101544", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/101544" ]
}, },
{ "references": {
"name" : "55945", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55945" "name": "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547",
} "refsource": "CONFIRM",
] "url": "https://github.com/mybb/mybb/commit/238696e37d6a22b89e6bba11e4de3e6620cb5547"
} },
} {
"name": "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release",
"refsource": "CONFIRM",
"url": "http://blog.mybb.com/2013/12/16/mybb-1-6-12-released-security-maintenance-release"
},
{
"name": "55945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55945"
},
{
"name": "64570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64570"
},
{
"name": "101544",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/101544"
}
]
}
}

142
2017/10xxx/CVE-2017-10169.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10169", "ID": "CVE-2017-10169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality 9700", "product_name": "Hospitality 9700",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "4.0" "version_value": "4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Operation Security). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "99823", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99823" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038941", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038941" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality 9700 executes to compromise Oracle Hospitality 9700. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality 9700 accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name": "99823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99823"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

204
2017/10xxx/CVE-2017-10605.json
View File

@ -1,104 +1,104 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC" : "2017-07-12T09:00", "DATE_PUBLIC": "2017-07-12T09:00",
"ID" : "CVE-2017-10605", "ID": "CVE-2017-10605",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Junos: SRX Series denial of service vulnerability in flowd due to crafted DHCP packet" "TITLE": "Junos: SRX Series denial of service vulnerability in flowd due to crafted DHCP packet"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Junos OS", "product_name": "Junos OS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"platform" : "vSRX or SRX Series", "platform": "vSRX or SRX Series",
"version_value" : "12.1X46 prior to 12.1X46-D67" "version_value": "12.1X46 prior to 12.1X46-D67"
}, },
{ {
"platform" : "vSRX or SRX Series", "platform": "vSRX or SRX Series",
"version_value" : "12.3X48 prior to 12.3X48-D50" "version_value": "12.3X48 prior to 12.3X48-D50"
}, },
{ {
"platform" : "vSRX or SRX Series", "platform": "vSRX or SRX Series",
"version_value" : "15.1X49 prior to 15.1X49-D91, 15.1X49-D100" "version_value": "15.1X49 prior to 15.1X49-D91, 15.1X49-D100"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "This issue only affects devices with DHCP or DHCP relay is configured."
}
],
"credit" : [],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series."
}
]
},
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network.",
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.6,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service vulnerability"
}
] ]
} }
] },
}, "configuration": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "This issue only affects devices with DHCP or DHCP relay is configured."
"name" : "https://kb.juniper.net/JSA10789", }
"refsource" : "CONFIRM", ],
"url" : "https://kb.juniper.net/JSA10789" "credit": [],
}, "data_format": "MITRE",
{ "data_type": "CVE",
"name" : "1038891", "data_version": "4.0",
"refsource" : "SECTRACK", "description": {
"url" : "http://www.securitytracker.com/id/1038891" "description_data": [
} {
] "lang": "eng",
}, "value": "On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series."
"solution" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D67, 12.3X48-D50, 15.1X49-D91, 15.1X49-D100, and all subsequent releases.\n\nThis issue is being tracked as PR 1270493 and is visible on the Customer Support website.", }
"work_around" : [] ]
} },
"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network.",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038891"
},
{
"name": "https://kb.juniper.net/JSA10789",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10789"
}
]
},
"solution": "The following software releases have been updated to resolve this specific issue: 12.1X46-D67, 12.3X48-D50, 15.1X49-D91, 15.1X49-D100, and all subsequent releases.\n\nThis issue is being tracked as PR 1270493 and is visible on the Customer Support website.",
"work_around": []
}

34
2017/10xxx/CVE-2017-10632.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10632", "ID": "CVE-2017-10632",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2017/13xxx/CVE-2017-13236.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-02-05T00:00:00", "DATE_PUBLIC": "2018-02-05T00:00:00",
"ID" : "CVE-2017-13236", "ID": "CVE-2017-13236",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43996", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43996/" "lang": "eng",
}, "value": "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699."
{ }
"name" : "https://source.android.com/security/bulletin/2018-02-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2018-02-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102979", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102979" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "43996",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43996/"
},
{
"name": "https://source.android.com/security/bulletin/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-02-01"
},
{
"name": "102979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102979"
}
]
}
}

34
2017/13xxx/CVE-2017-13335.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13335", "ID": "CVE-2017-13335",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13532.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13532", "ID": "CVE-2017-13532",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/13xxx/CVE-2017-13746.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13746", "ID": "CVE-2017-13746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485286", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485286" "lang": "eng",
}, "value": "There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack."
{ }
"name" : "100514", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100514" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100514"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485286",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485286"
}
]
}
}

120
2017/17xxx/CVE-2017-17161.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17161", "ID": "CVE-2017-17161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Duke-L09", "product_name": "Duke-L09",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions" "version_value": "Earlier than Duke-L09C10B186 versions, Earlier than Duke-L09C432B187 versions, Earlier than Duke-L09C636B186 versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en" "lang": "eng",
} "value": "The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en"
}
]
}
}

216
2017/17xxx/CVE-2017-17169.json
View File

@ -1,110 +1,110 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17169", "ID": "CVE-2017-17169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DP300", "product_name": "DP300",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "V500R002C00B010" "version_value": "V500R002C00B010"
}, },
{ {
"version_value" : "V500R002C00B011" "version_value": "V500R002C00B011"
}, },
{ {
"version_value" : "V500R002C00B012" "version_value": "V500R002C00B012"
}, },
{ {
"version_value" : "V500R002C00B013" "version_value": "V500R002C00B013"
}, },
{ {
"version_value" : "V500R002C00B014" "version_value": "V500R002C00B014"
}, },
{ {
"version_value" : "V500R002C00B017" "version_value": "V500R002C00B017"
}, },
{ {
"version_value" : "V500R002C00B018" "version_value": "V500R002C00B018"
}, },
{ {
"version_value" : "V500R002C00SPC100" "version_value": "V500R002C00SPC100"
}, },
{ {
"version_value" : "V500R002C00SPC200" "version_value": "V500R002C00SPC200"
}, },
{ {
"version_value" : "V500R002C00SPC300" "version_value": "V500R002C00SPC300"
}, },
{ {
"version_value" : "V500R002C00SPC400" "version_value": "V500R002C00SPC400"
}, },
{ {
"version_value" : "V500R002C00SPC500" "version_value": "V500R002C00SPC500"
}, },
{ {
"version_value" : "V500R002C00SPC600" "version_value": "V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC800" "version_value": "V500R002C00SPC800"
}, },
{ {
"version_value" : "V500R002C00SPC900" "version_value": "V500R002C00SPC900"
}, },
{ {
"version_value" : "V500R002C00SPCa00" "version_value": "V500R002C00SPCa00"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en" "lang": "eng",
} "value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
}
}

170
2017/17xxx/CVE-2017-17500.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17500", "ID": "CVE-2017-17500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" "lang": "eng",
}, "value": "ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file."
{ }
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931", "description": [
"refsource" : "CONFIRM", {
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/523/", ]
"refsource" : "CONFIRM", }
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/523/" ]
}, },
{ "references": {
"name" : "DSA-4321", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4321" "name": "DSA-4321",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4321"
"name" : "102164", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102164" "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
} "refsource": "MLIST",
] "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
} },
} {
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931"
},
{
"name": "102164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102164"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/523/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/523/"
}
]
}
}

120
2017/17xxx/CVE-2017-17745.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17745", "ID": "CVE-2017-17745",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20171219 Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Dec/67" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20171219 Multiple Vulnerabilities in TP-Link TL-SG108E - CVE-2017-17745, CVE-2017-17746, CVE-2017-17747",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/67"
}
]
}
}

34
2017/9xxx/CVE-2017-9102.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9102", "ID": "CVE-2017-9102",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/9xxx/CVE-2017-9468.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9468", "ID": "CVE-2017-9468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/06/06/4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://openwall.com/lists/oss-security/2017/06/06/4" "lang": "eng",
}, "value": "In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash."
{ }
"name" : "https://irssi.org/security/irssi_sa_2017_06.txt", ]
"refsource" : "CONFIRM", },
"url" : "https://irssi.org/security/irssi_sa_2017_06.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3885", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3885" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99015", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99015" ]
}, },
{ "references": {
"name" : "1038621", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038621" "name": "DSA-3885",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3885"
} },
} {
"name": "http://openwall.com/lists/oss-security/2017/06/06/4",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/06/06/4"
},
{
"name": "https://irssi.org/security/irssi_sa_2017_06.txt",
"refsource": "CONFIRM",
"url": "https://irssi.org/security/irssi_sa_2017_06.txt"
},
{
"name": "99015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99015"
},
{
"name": "1038621",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038621"
}
]
}
}

120
2017/9xxx/CVE-2017-9584.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9584", "ID": "CVE-2017-9584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"HBO Mobile Banking\" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" "lang": "eng",
} "value": "The \"HBO Mobile Banking\" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}
}

150
2017/9xxx/CVE-2017-9618.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9618", "ID": "CVE-2017-9618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb" "lang": "eng",
}, "value": "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document."
{ }
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698044", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698044" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201811-12", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-12" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99993", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99993" ]
} },
] "references": {
} "reference_data": [
} {
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698044",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698044"
},
{
"name": "99993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99993"
}
]
}
}

34
2017/9xxx/CVE-2017-9688.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9688", "ID": "CVE-2017-9688",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/0xxx/CVE-2018-0243.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0243", "ID": "CVE-2018-0243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Firepower System Software", "product_name": "Cisco Firepower System Software",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Firepower System Software" "version_value": "Cisco Firepower System Software"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss" "lang": "eng",
}, "value": "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807."
{ }
"name" : "103943", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103943" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103943"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss"
}
]
}
}

122
2018/0xxx/CVE-2018-0724.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@qnapsecurity.com.tw", "ASSIGNER": "security@qnap.com",
"DATE_PUBLIC" : "2018-12-26T00:00:00", "DATE_PUBLIC": "2018-12-26T00:00:00",
"ID" : "CVE-2018-0724", "ID": "CVE-2018-0724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Q'center Virtual Appliance", "product_name": "Q'center Virtual Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Q'center Virtual Appliance 1.8.1014 and earlier versions" "version_value": "Q'center Virtual Appliance 1.8.1014 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QNAP" "vendor_name": "QNAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
}
]
}
}

134
2018/1000xxx/CVE-2018-1000125.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "3/1/2018 18:13:33", "DATE_ASSIGNED": "3/1/2018 18:13:33",
"ID" : "CVE-2018-1000125", "ID": "CVE-2018-1000125",
"REQUESTER" : "daniel@inversoft.com", "REQUESTER": "daniel@inversoft.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "prime-jwt", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "inversoft" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/inversoft/prime-jwt/blob/master/CHANGES", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/inversoft/prime-jwt/blob/master/CHANGES" "lang": "eng",
}, "value": "inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appear to be exploitable via an attacker crafting a token with a valid header and body and then requests it to be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227."
{ }
"name" : "https://github.com/inversoft/prime-jwt/issues/2", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/inversoft/prime-jwt/issues/2" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/inversoft/prime-jwt/blob/master/CHANGES",
"refsource": "CONFIRM",
"url": "https://github.com/inversoft/prime-jwt/blob/master/CHANGES"
},
{
"name": "https://github.com/inversoft/prime-jwt/issues/2",
"refsource": "CONFIRM",
"url": "https://github.com/inversoft/prime-jwt/issues/2"
}
]
}
}

156
2018/1000xxx/CVE-2018-1000842.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.479249", "DATE_ASSIGNED": "2018-11-27T13:54:33.479249",
"DATE_REQUESTED" : "2018-10-27T06:04:25", "DATE_REQUESTED": "2018-10-27T06:04:25",
"ID" : "CVE-2018-1000842", "ID": "CVE-2018-1000842",
"REQUESTER" : "security@fatfreecrm.com", "REQUESTER": "security@fatfreecrm.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FatFreeCRM", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "FatFreeCRM" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa" "lang": "eng",
}, "value": "FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on end user browsers when they visit the page. This vulnerability appears to have been fixed in 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2."
{ }
"name" : "https://github.com/asteinhauser/fat_free_crm/issues/1", ]
"refsource" : "MISC", },
"url" : "https://github.com/asteinhauser/fat_free_crm/issues/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc", ]
"refsource" : "MISC", }
"url" : "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/asteinhauser/fat_free_crm/issues/1",
"refsource": "MISC",
"url": "https://github.com/asteinhauser/fat_free_crm/issues/1"
},
{
"name": "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa",
"refsource": "MISC",
"url": "https://github.com/asteinhauser/fat_free_crm/commit/306f940b26ccf3f406665f07bece1229a7a5dcfa"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29",
"refsource": "MISC",
"url": "https://github.com/fatfreecrm/fat_free_crm/wiki/XSS-Vulnerability-%282018-10-27%29"
},
{
"name": "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/fat-free-crm-users/TxsdZXSe7Jc"
}
]
}
}

34
2018/18xxx/CVE-2018-18447.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18447", "ID": "CVE-2018-18447",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/19xxx/CVE-2018-19536.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19536", "ID": "CVE-2018-19536",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/19xxx/CVE-2018-19579.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19579", "ID": "CVE-2018-19579",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/19xxx/CVE-2018-19895.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19895", "ID": "CVE-2018-19895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/thinkcmf/cmfx/issues/26", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/thinkcmf/cmfx/issues/26" "lang": "eng",
} "value": "ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thinkcmf/cmfx/issues/26",
"refsource": "MISC",
"url": "https://github.com/thinkcmf/cmfx/issues/26"
}
]
}
}

218
2018/1xxx/CVE-2018-1244.json
View File

@ -1,111 +1,111 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Security_Alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-26T05:00:00.000Z", "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
"ID" : "CVE-2018-1244", "ID": "CVE-2018-1244",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent. " "TITLE": "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent. "
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "iDRAC7", "product_name": "iDRAC7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "2.60.60.60" "version_value": "2.60.60.60"
} }
] ]
} }
}, },
{ {
"product_name" : "iDRAC8", "product_name": "iDRAC8",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "2.60.60.60" "version_value": "2.60.60.60"
} }
] ]
} }
}, },
{ {
"product_name" : "iDRAC9", "product_name": "iDRAC9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "3.21.21.21" "version_value": "3.21.21.21"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command injection vulnerability in the SNMP agent. "
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494" "lang": "eng",
}, "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
{ }
"name" : "104964", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104964" "impact": {
} "cvss": {
] "attackComplexity": "LOW",
}, "attackVector": "NETWORK",
"source" : { "availabilityImpact": "HIGH",
"discovery" : "UNKNOWN" "baseScore": 8.8,
} "baseSeverity": "HIGH",
} "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command injection vulnerability in the SNMP agent. "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104964"
},
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
"refsource": "CONFIRM",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/1xxx/CVE-2018-1365.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1365", "ID": "CVE-2018-1365",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2018/1xxx/CVE-2018-1513.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-18T00:00:00", "DATE_PUBLIC": "2018-07-18T00:00:00",
"ID" : "CVE-2018-1513", "ID": "CVE-2018-1513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sterling B2B Integrator", "product_name": "Sterling B2B Integrator",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.2.6" "version_value": "5.2.6"
}, },
{ {
"version_value" : "5.2.0" "version_value": "5.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45190", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45190/" "lang": "eng",
}, "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10717031", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10717031" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "104910", "A": "N",
"refsource" : "BID", "AC": "L",
"url" : "http://www.securityfocus.com/bid/104910" "AV": "N",
}, "C": "L",
{ "I": "L",
"name" : "ibm-sterling-cve20181513-xss(141551)", "PR": "L",
"refsource" : "XF", "S": "C",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141551" "SCORE": "5.400",
} "UI": "R"
] },
} "TM": {
} "E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sterling-cve20181513-xss(141551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141551"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10717031",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10717031"
},
{
"name": "104910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104910"
},
{
"name": "45190",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45190/"
}
]
}
}

200
2018/1xxx/CVE-2018-1672.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-25T00:00:00", "DATE_PUBLIC": "2018-09-25T00:00:00",
"ID" : "CVE-2018-1672", "ID": "CVE-2018-1672",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebSphere Portal", "product_name": "WebSphere Portal",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.5" "version_value": "8.5"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "U",
"SCORE" : "5.000",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716981" "lang": "eng",
}, "value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
{ }
"name" : "1041766", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041766" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-websphere-cve20181672-session-fixation(144958)", "A": "L",
"refsource" : "XF", "AC": "H",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958" "AV": "N",
} "C": "L",
] "I": "L",
} "PR": "L",
} "S": "U",
"SCORE": "5.000",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041766"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10716981",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
]
}
}