admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:12:34 +00:00
parent af89c5b094
commit efa80baa5a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3607 additions and 3607 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2001/0xxx/CVE-2001-0569.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23",
"refsource" : "CONFIRM",
"url" : "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
},
{
"name" : "MDKSA-2001:025 ",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
},
{
"name" : "DSA-043",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2001/dsa-043"
},
{
"name" : "RHSA-2001:021",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-021.html"
},
{
"name" : "CLA-2001:382",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-043",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-043"
},
{
"name": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23",
"refsource": "CONFIRM",
"url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
},
{
"name": "RHSA-2001:021",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
},
{
"refsource": "MANDRAKE",
"name": "MDKSA-2001:025",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
},
{
"name": "CLA-2001:382",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382"
}
]
}
}

34
2001/1xxx/CVE-2001-1167.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1167",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-0976. Reason: This candidate is a duplicate of CVE-2001-0976. Notes: CVE-2001-0976 should be used instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2001-1167",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-0976. Reason: This candidate is a duplicate of CVE-2001-0976. Notes: CVE-2001-0976 should be used instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

190
2001/1xxx/CVE-2001-1308.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CA-2001-18",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2001-18.html"
},
{
"name" : "VU#276944",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/276944"
},
{
"name" : "L-116",
"refsource" : "CIAC",
"url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
},
{
"name" : "20011102-01-I",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I"
},
{
"name" : "http://www.kb.cert.org/vuls/id/JPLA-4WESMM",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/JPLA-4WESMM"
},
{
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
"refsource" : "MISC",
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
},
{
"name" : "3039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3039"
},
{
"name" : "iplanet-ldap-protos-format-string(6898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iplanet-ldap-protos-format-string(6898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6898"
},
{
"name": "3039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3039"
},
{
"name": "CA-2001-18",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-18.html"
},
{
"name": "20011102-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
},
{
"name": "L-116",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
},
{
"name": "VU#276944",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/276944"
},
{
"name": "http://www.kb.cert.org/vuls/id/JPLA-4WESMM",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/JPLA-4WESMM"
}
]
}
}

140
2008/1xxx/CVE-2008-1961.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5469",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5469"
},
{
"name" : "28850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28850"
},
{
"name" : "allmyguests-index-sql-injection(41910)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "allmyguests-index-sql-injection(41910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41910"
},
{
"name": "28850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28850"
},
{
"name": "5469",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5469"
}
]
}
}

210
2008/5xxx/CVE-2008-5415.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081210 CA ARCserve Backup LDBserver Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499104/100/0/threaded"
},
{
"name" : "20081211 Secunia Research: CA ARCserve Backup RPC \"handle_t\" Argument Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499128/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2007-82/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-82/"
},
{
"name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx",
"refsource" : "CONFIRM",
"url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293"
},
{
"name" : "32764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32764"
},
{
"name" : "ADV-2008-3404",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3404"
},
{
"name" : "50683",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50683"
},
{
"name" : "27299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27299"
},
{
"name" : "4708",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4708"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081211 Secunia Research: CA ARCserve Backup RPC \"handle_t\" Argument Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499128/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2007-82/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-82/"
},
{
"name": "27299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27299"
},
{
"name": "4708",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4708"
},
{
"name": "ADV-2008-3404",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3404"
},
{
"name": "50683",
"refsource": "OSVDB",
"url": "http://osvdb.org/50683"
},
{
"name": "32764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32764"
},
{
"name": "20081210 CA ARCserve Backup LDBserver Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499104/100/0/threaded"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx"
}
]
}
}

160
2008/5xxx/CVE-2008-5894.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7458",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7458"
},
{
"name" : "32815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32815"
},
{
"name" : "33176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33176"
},
{
"name" : "4904",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4904"
},
{
"name" : "mediatheka-index-file-include(47349)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7458",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7458"
},
{
"name": "32815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32815"
},
{
"name": "4904",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4904"
},
{
"name": "mediatheka-index-file-include(47349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47349"
},
{
"name": "33176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33176"
}
]
}
}

140
2008/5xxx/CVE-2008-5910.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown impact and local attack vectors, related to a \"Temporary file vulnerability,\" aka Bug ID 6653462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://opensolaris.org/os/bug_reports/request_sponsor/",
"refsource" : "MISC",
"url" : "http://opensolaris.org/os/bug_reports/request_sponsor/"
},
{
"name" : "33395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33395"
},
{
"name" : "opensolaris-txzonemgr-unspecified(48150)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown impact and local attack vectors, related to a \"Temporary file vulnerability,\" aka Bug ID 6653462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://opensolaris.org/os/bug_reports/request_sponsor/",
"refsource": "MISC",
"url": "http://opensolaris.org/os/bug_reports/request_sponsor/"
},
{
"name": "opensolaris-txzonemgr-unspecified(48150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48150"
},
{
"name": "33395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33395"
}
]
}
}

170
2011/2xxx/CVE-2011-2064.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110706 Cisco Content Services Gateway Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b86503.shtml"
},
{
"name" : "48581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48581"
},
{
"name" : "73657",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/73657"
},
{
"name" : "1025748",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025748"
},
{
"name" : "45148",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45148"
},
{
"name" : "cisco-csg-icmp-dos(68408)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68408"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45148",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45148"
},
{
"name": "20110706 Cisco Content Services Gateway Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b86503.shtml"
},
{
"name": "1025748",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025748"
},
{
"name": "48581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48581"
},
{
"name": "cisco-csg-icmp-dos(68408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68408"
},
{
"name": "73657",
"refsource": "OSVDB",
"url": "http://osvdb.org/73657"
}
]
}
}

140
2011/2xxx/CVE-2011-2319.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality, related to JMS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-2319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name" : "50206",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50206"
},
{
"name" : "76493",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality, related to JMS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name": "50206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50206"
},
{
"name": "76493",
"refsource": "OSVDB",
"url": "http://osvdb.org/76493"
}
]
}
}

270
2011/2xxx/CVE-2011-2373.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-20.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=617247",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=617247"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100144854",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144854"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100145333",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100145333"
},
{
"name" : "DSA-2268",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2268"
},
{
"name" : "DSA-2269",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2269"
},
{
"name" : "DSA-2273",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2273"
},
{
"name" : "MDVSA-2011:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
},
{
"name" : "RHSA-2011:0885",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
},
{
"name" : "RHSA-2011:0887",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
},
{
"name" : "RHSA-2011:0888",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
},
{
"name" : "SUSE-SA:2011:028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name" : "USN-1149-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1149-1"
},
{
"name" : "oval:org.mitre.oval:def:14178",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14178"
},
{
"name" : "45002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45002"
},
{
"name" : "thunderbird-xul-code-exec(68133)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111"
},
{
"name": "45002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45002"
},
{
"name": "http://support.avaya.com/css/P8/documents/100145333",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100145333"
},
{
"name": "USN-1149-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1149-1"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144854",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144854"
},
{
"name": "RHSA-2011:0887",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html"
},
{
"name": "oval:org.mitre.oval:def:14178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14178"
},
{
"name": "RHSA-2011:0885",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html"
},
{
"name": "DSA-2268",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2268"
},
{
"name": "RHSA-2011:0888",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-20.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-20.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=617247",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=617247"
},
{
"name": "DSA-2269",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2269"
},
{
"name": "SUSE-SA:2011:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name": "DSA-2273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2273"
},
{
"name": "thunderbird-xul-code-exec(68133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68133"
}
]
}
}

220
2011/2xxx/CVE-2011-2872.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "52365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52365"
},
{
"name" : "79911",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79911"
},
{
"name" : "oval:org.mitre.oval:def:17438",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17438"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20112872-code-execution(73801)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52365"
},
{
"name": "79911",
"refsource": "OSVDB",
"url": "http://osvdb.org/79911"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "apple-webkit-cve20112872-code-execution(73801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73801"
},
{
"name": "oval:org.mitre.oval:def:17438",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17438"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

160
2013/0xxx/CVE-2013-0372.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "HPSBST02955",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "57378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57378"
},
{
"name" : "57126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57378"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
}
]
}
}

140
2013/0xxx/CVE-2013-0708.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tech.bayashi.net/dc/",
"refsource" : "CONFIRM",
"url" : "http://tech.bayashi.net/dc/"
},
{
"name" : "JVN#64756004",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN64756004/index.html"
},
{
"name" : "JVNDB-2013-000013",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#64756004",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN64756004/index.html"
},
{
"name": "http://tech.bayashi.net/dc/",
"refsource": "CONFIRM",
"url": "http://tech.bayashi.net/dc/"
},
{
"name": "JVNDB-2013-000013",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000013"
}
]
}
}

310
2013/0xxx/CVE-2013-0783.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-21.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=690970",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=690970"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=761448",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=761448"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=780549",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=780549"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=812380",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=812380"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=818241",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=818241"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=822858",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=822858"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826471",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826471"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830399",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830399"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830975",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830975"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=832162",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=832162"
},
{
"name" : "DSA-2699",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2699"
},
{
"name" : "RHSA-2013:0271",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0271.html"
},
{
"name" : "RHSA-2013:0272",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0272.html"
},
{
"name" : "openSUSE-SU-2013:0323",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html"
},
{
"name" : "openSUSE-SU-2013:0324",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html"
},
{
"name" : "USN-1729-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1729-1"
},
{
"name" : "USN-1729-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1729-2"
},
{
"name" : "USN-1748-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1748-1"
},
{
"name" : "oval:org.mitre.oval:def:16219",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2699",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2699"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=761448",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=761448"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=830975",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830975"
},
{
"name": "USN-1729-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1729-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=818241",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=818241"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-21.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-21.html"
},
{
"name": "USN-1729-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1729-2"
},
{
"name": "USN-1748-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1748-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=690970",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=690970"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=812380",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=812380"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=830399",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830399"
},
{
"name": "openSUSE-SU-2013:0324",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html"
},
{
"name": "RHSA-2013:0271",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0271.html"
},
{
"name": "RHSA-2013:0272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0272.html"
},
{
"name": "oval:org.mitre.oval:def:16219",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16219"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=822858",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822858"
},
{
"name": "openSUSE-SU-2013:0323",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=826471",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=826471"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=780549",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=780549"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=832162",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=832162"
}
]
}
}

220
2013/0xxx/CVE-2013-0926.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.chromium.org/gitweb/?p=chromium/src.git;a=commit;h=52a30db57ecec68bb3b25fdc3de5e9bee7b80ed7",
"refsource" : "CONFIRM",
"url" : "http://git.chromium.org/gitweb/?p=chromium/src.git;a=commit;h=52a30db57ecec68bb3b25fdc3de5e9bee7b80ed7"
},
{
"name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html"
},
{
"name" : "https://chromiumcodereview.appspot.com/11884025",
"refsource" : "CONFIRM",
"url" : "https://chromiumcodereview.appspot.com/11884025"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=112325",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=112325"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=176856",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=176856"
},
{
"name" : "http://support.apple.com/kb/HT5785",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5785"
},
{
"name" : "http://support.apple.com/kb/HT5934",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5934"
},
{
"name" : "APPLE-SA-2013-06-04-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
},
{
"name" : "APPLE-SA-2013-09-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:16601",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16601"
},
{
"name" : "54886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16601"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=112325",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=112325"
},
{
"name": "https://src.chromium.org/viewvc/chrome?view=rev&revision=176856",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?view=rev&revision=176856"
},
{
"name": "http://support.apple.com/kb/HT5785",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5785"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html"
},
{
"name": "https://chromiumcodereview.appspot.com/11884025",
"refsource": "CONFIRM",
"url": "https://chromiumcodereview.appspot.com/11884025"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "http://git.chromium.org/gitweb/?p=chromium/src.git;a=commit;h=52a30db57ecec68bb3b25fdc3de5e9bee7b80ed7",
"refsource": "CONFIRM",
"url": "http://git.chromium.org/gitweb/?p=chromium/src.git;a=commit;h=52a30db57ecec68bb3b25fdc3de5e9bee7b80ed7"
},
{
"name": "APPLE-SA-2013-06-04-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

270
2013/1xxx/CVE-2013-1692.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-54.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-54.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866915",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=866915"
},
{
"name" : "DSA-2716",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2716"
},
{
"name" : "DSA-2720",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2720"
},
{
"name" : "RHSA-2013:0981",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html"
},
{
"name" : "RHSA-2013:0982",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html"
},
{
"name" : "SUSE-SU-2013:1152",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"
},
{
"name" : "SUSE-SU-2013:1153",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2013:1140",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"
},
{
"name" : "openSUSE-SU-2013:1141",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"
},
{
"name" : "openSUSE-SU-2013:1142",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"
},
{
"name" : "openSUSE-SU-2013:1143",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"
},
{
"name" : "USN-1890-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1890-1"
},
{
"name" : "USN-1891-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1891-1"
},
{
"name" : "60783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60783"
},
{
"name" : "oval:org.mitre.oval:def:17096",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1890-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1890-1"
},
{
"name": "RHSA-2013:0982",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"
},
{
"name": "SUSE-SU-2013:1153",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=866915",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=866915"
},
{
"name": "SUSE-SU-2013:1152",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"
},
{
"name": "RHSA-2013:0981",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"
},
{
"name": "oval:org.mitre.oval:def:17096",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17096"
},
{
"name": "USN-1891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1891-1"
},
{
"name": "openSUSE-SU-2013:1141",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"
},
{
"name": "DSA-2716",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2716"
},
{
"name": "openSUSE-SU-2013:1142",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"
},
{
"name": "openSUSE-SU-2013:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"
},
{
"name": "60783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60783"
},
{
"name": "DSA-2720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2720"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-54.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-54.html"
},
{
"name": "openSUSE-SU-2013:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"
}
]
}
}

160
2013/1xxx/CVE-2013-1762.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.stunnel.org/CVE-2013-1762.html",
"refsource" : "CONFIRM",
"url" : "https://www.stunnel.org/CVE-2013-1762.html"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097"
},
{
"name" : "DSA-2664",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2664"
},
{
"name" : "MDVSA-2013:130",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:130"
},
{
"name" : "RHSA-2013:0714",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0714.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:130",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:130"
},
{
"name": "RHSA-2013:0714",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0714.html"
},
{
"name": "https://www.stunnel.org/CVE-2013-1762.html",
"refsource": "CONFIRM",
"url": "https://www.stunnel.org/CVE-2013-1762.html"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0097"
},
{
"name": "DSA-2664",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2664"
}
]
}
}

180
2013/1xxx/CVE-2013-1940.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130418 Xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/18/3"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=63353",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=63353"
},
{
"name" : "DSA-2661",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2661"
},
{
"name" : "FEDORA-2013-5883",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html"
},
{
"name" : "FEDORA-2013-5928",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html"
},
{
"name" : "openSUSE-SU-2013:0878",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html"
},
{
"name" : "USN-1803-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1803-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=63353",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=63353"
},
{
"name": "USN-1803-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1803-1"
},
{
"name": "FEDORA-2013-5883",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104089.html"
},
{
"name": "openSUSE-SU-2013:0878",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00015.html"
},
{
"name": "DSA-2661",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2661"
},
{
"name": "[oss-security] 20130418 Xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/18/3"
},
{
"name": "FEDORA-2013-5928",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102391.html"
}
]
}
}

180
2013/3xxx/CVE-2013-3335.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2013-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
},
{
"name" : "RHSA-2013:0825",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
},
{
"name" : "SUSE-SU-2013:0798",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
},
{
"name" : "openSUSE-SU-2013:0892",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
},
{
"name" : "openSUSE-SU-2013:0954",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
},
{
"name" : "oval:org.mitre.oval:def:16921",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16921"
},
{
"name" : "53442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0892",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
},
{
"name": "53442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53442"
},
{
"name": "SUSE-SU-2013:0798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:16921",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16921"
},
{
"name": "openSUSE-SU-2013:0954",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
},
{
"name": "RHSA-2013:0825",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
}
]
}
}

150
2013/4xxx/CVE-2013-4319.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130909 CVE request: Torque privilege escalation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/09/09/4"
},
{
"name" : "[oss-security] 20130909 Re: CVE request: Torque privilege escalation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/09/09/11"
},
{
"name" : "[torqueusers] 20130906 security advisory",
"refsource" : "MLIST",
"url" : "http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html"
},
{
"name" : "DSA-2770",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130909 Re: CVE request: Torque privilege escalation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/09/11"
},
{
"name": "DSA-2770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2770"
},
{
"name": "[torqueusers] 20130906 security advisory",
"refsource": "MLIST",
"url": "http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html"
},
{
"name": "[oss-security] 20130909 CVE request: Torque privilege escalation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/09/4"
}
]
}
}

180
2013/4xxx/CVE-2013-4338.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codex.wordpress.org/Version_3.6.1",
"refsource" : "CONFIRM",
"url" : "http://codex.wordpress.org/Version_3.6.1"
},
{
"name" : "http://core.trac.wordpress.org/changeset/25325",
"refsource" : "CONFIRM",
"url" : "http://core.trac.wordpress.org/changeset/25325"
},
{
"name" : "http://wordpress.org/news/2013/09/wordpress-3-6-1/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2013/09/wordpress-3-6-1/"
},
{
"name" : "DSA-2757",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2757"
},
{
"name" : "FEDORA-2013-16855",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html"
},
{
"name" : "FEDORA-2013-16895",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html"
},
{
"name" : "FEDORA-2013-16925",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2013-16925",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html"
},
{
"name": "http://core.trac.wordpress.org/changeset/25325",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/changeset/25325"
},
{
"name": "FEDORA-2013-16855",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html"
},
{
"name": "DSA-2757",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2757"
},
{
"name": "http://codex.wordpress.org/Version_3.6.1",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.6.1"
},
{
"name": "http://wordpress.org/news/2013/09/wordpress-3-6-1/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2013/09/wordpress-3-6-1/"
},
{
"name": "FEDORA-2013-16895",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html"
}
]
}
}

250
2013/4xxx/CVE-2013-4931.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=50504&r2=50503&pathrev=50504",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=50504&r2=50503&pathrev=50504"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50504",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50504"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8923",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8923"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2013-49.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2013-49.html"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "RHSA-2014:0341",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name" : "openSUSE-SU-2013:1295",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2013:1300",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html"
},
{
"name" : "oval:org.mitre.oval:def:17325",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17325"
},
{
"name" : "54371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54371"
},
{
"name" : "54296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54296"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54371"
},
{
"name": "openSUSE-SU-2013:1300",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html"
},
{
"name": "RHSA-2014:0341",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8923",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8923"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=50504&r2=50503&pathrev=50504",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/proto.c?r1=50504&r2=50503&pathrev=50504"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50504",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=50504"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2013-49.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2013-49.html"
},
{
"name": "openSUSE-SU-2013:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html"
},
{
"name": "54296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54296"
},
{
"name": "oval:org.mitre.oval:def:17325",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17325"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html"
}
]
}
}

140
2013/5xxx/CVE-2013-5461.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/"
},
{
"name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/"
},
{
"name" : "ibm-tivoli-cve20135461-info-disc(88309)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20135461-info-disc(88309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88309"
},
{
"name": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/"
},
{
"name": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/"
}
]
}
}

210
2017/12xxx/CVE-2017-12134.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170815 Xen Security Advisory 229 (CVE-2017-12134) - linux: Fix Xen block IO merge-ability calculation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/08/15/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477656",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477656"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-229.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-229.html"
},
{
"name" : "https://support.citrix.com/article/CTX225941",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX225941"
},
{
"name" : "DSA-3981",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3981"
},
{
"name" : "GLSA-201801-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-14"
},
{
"name" : "USN-3655-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3655-2/"
},
{
"name" : "USN-3655-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3655-1/"
},
{
"name" : "100343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100343"
},
{
"name" : "1039176",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX225941",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX225941"
},
{
"name": "1039176",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039176"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-229.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-229.html"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"name": "USN-3655-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477656",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477656"
},
{
"name": "GLSA-201801-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-14"
},
{
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "[oss-security] 20170815 Xen Security Advisory 229 (CVE-2017-12134) - linux: Fix Xen block IO merge-ability calculation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/15/4"
},
{
"name": "100343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100343"
}
]
}
}

130
2017/12xxx/CVE-2017-12317.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AMP for Endpoints",
"version" : {
"version_data" : [
{
"version_value" : "Cisco AMP for Endpoints"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AMP for Endpoints",
"version": {
"version_data": [
{
"version_value": "Cisco AMP for Endpoints"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe"
},
{
"name" : "101520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101520"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171020-ampfe"
}
]
}
}

140
2017/12xxx/CVE-2017-12370.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx Recording Format and Advanced Recording Format Players",
"version" : {
"version_data" : [
{
"version_value" : "Cisco WebEx Recording Format and Advanced Recording Format Players"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A \"Cisco WebEx Network Recording Player Remote Code Execution Vulnerability\" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Recording Format and Advanced Recording Format Players",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Recording Format and Advanced Recording Format Players"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players"
},
{
"name" : "102017",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102017"
},
{
"name" : "1039895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"Cisco WebEx Network Recording Player Remote Code Execution Vulnerability\" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102017"
},
{
"name": "1039895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039895"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players"
}
]
}
}

142
2017/12xxx/CVE-2017-12488.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00",
"ID" : "CVE-2017-12488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
{
"version_value" : "PLAT 7.3 (E0504)"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-11T00:00:00",
"ID": "CVE-2017-12488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value": "PLAT 7.3 (E0504)"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
},
{
"name" : "100367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100367"
},
{
"name" : "1039152",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039152"
},
{
"name": "100367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100367"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
}
]
}
}

162
2017/13xxx/CVE-2017-13151.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-13151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "8.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-13151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "102126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102126"
}
]
}
}

34
2017/13xxx/CVE-2017-13367.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13367",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13367",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/13xxx/CVE-2017-13749.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485285",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485285"
},
{
"name" : "100514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485285",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485285"
},
{
"name": "100514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100514"
}
]
}
}

34
2017/13xxx/CVE-2017-13881.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13881",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13881",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/16xxx/CVE-2017-16395.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-16395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Access with Incorrect Length Value"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-16395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name" : "101831",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101831"
},
{
"name" : "1039791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Access with Incorrect Length Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name": "101831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101831"
}
]
}
}

34
2017/16xxx/CVE-2017-16434.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16434",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-16434",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

140
2017/16xxx/CVE-2017-16540.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource" : "MISC",
"url" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
},
{
"name" : "https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html",
"refsource" : "MISC",
"url" : "https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html"
},
{
"name" : "101983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101983"
},
{
"name": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource": "MISC",
"url": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
},
{
"name": "https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html",
"refsource": "MISC",
"url": "https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html"
}
]
}
}

132
2017/16xxx/CVE-2017-16714.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-06T00:00:00",
"ID" : "CVE-2017-16714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thermal Management Center",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 4.13"
}
]
}
}
]
},
"vendor_name" : "Ice Qube"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-06T00:00:00",
"ID": "CVE-2017-16714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thermal Management Center",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13"
}
]
}
}
]
},
"vendor_name": "Ice Qube"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name" : "105303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105303"
}
]
}
}

150
2017/16xxx/CVE-2017-16867.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/",
"refsource" : "MISC",
"url" : "https://www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/"
},
{
"name" : "https://www.theverge.com/2017/11/16/16665064/amazon-key-camera-disable",
"refsource" : "MISC",
"url" : "https://www.theverge.com/2017/11/16/16665064/amazon-key-camera-disable"
},
{
"name" : "https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/",
"refsource" : "MISC",
"url" : "https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/"
},
{
"name" : "101899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/",
"refsource": "MISC",
"url": "https://www.engadget.com/2017/11/16/amazon-key-hack-cloud-cam/"
},
{
"name": "https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/",
"refsource": "MISC",
"url": "https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/"
},
{
"name": "101899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101899"
},
{
"name": "https://www.theverge.com/2017/11/16/16665064/amazon-key-camera-disable",
"refsource": "MISC",
"url": "https://www.theverge.com/2017/11/16/16665064/amazon-key-camera-disable"
}
]
}
}

34
2017/17xxx/CVE-2017-17368.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17368",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17368",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/4xxx/CVE-2017-4318.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4318",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4318",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4347.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4347",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4347",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4484.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4484",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4484",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4530.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4530",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4530",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

120
2018/18xxx/CVE-2018-18550.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://serverscheck.com/monitoring-software/release.asp",
"refsource" : "MISC",
"url" : "https://serverscheck.com/monitoring-software/release.asp"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://serverscheck.com/monitoring-software/release.asp",
"refsource": "MISC",
"url": "https://serverscheck.com/monitoring-software/release.asp"
}
]
}
}

34
2018/18xxx/CVE-2018-18962.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18962",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18962",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/1xxx/CVE-2018-1578.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1578",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1578",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

182
2018/1xxx/CVE-2018-1977.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-12T00:00:00",
"ID" : "CVE-2018-1977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "11.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "H",
"AV" : "N",
"C" : "N",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-12T00:00:00",
"ID": "CVE-2018-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "11.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10788089",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10788089"
},
{
"name" : "106222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106222"
},
{
"name" : "ibm-db2-cve20181977-dos(154032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "5.300",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106222"
},
{
"name": "ibm-db2-cve20181977-dos(154032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154032"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10788089",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10788089"
}
]
}
}

34
2018/1xxx/CVE-2018-1991.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1991",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1991",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/5xxx/CVE-2018-5071.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the \"set ship name\" command. This is similar to a Cross Protocol Injection with SNMP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html",
"refsource" : "MISC",
"url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the \"set ship name\" command. This is similar to a Cross Protocol Injection with SNMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html",
"refsource": "MISC",
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
}
]
}
}

162
2018/5xxx/CVE-2018-5090.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "58"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory safety bugs fixed in Firefox 58"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "58"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1413857%2C1412653%2C1418966%2C1427126%2C1412942%2C1401459%2C1364399%2C1382851%2C1423770%2C1401420%2C1281965%2C1389561%2C1409179%2C1416879%2C1421786%2C1426449%2C1416799%2C1400912%2C1415158%2C1415748%2C1415788%2C1371891%2C1415770%2C1416519%2C1413143%2C1418841%2C1384544%2C1410140%2C1411631%2C1412313%2C1412641%2C1412645%2C1412646%2C1412648%2C1261175",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1413857%2C1412653%2C1418966%2C1427126%2C1412942%2C1401459%2C1364399%2C1382851%2C1423770%2C1401420%2C1281965%2C1389561%2C1409179%2C1416879%2C1421786%2C1426449%2C1416799%2C1400912%2C1415158%2C1415748%2C1415788%2C1371891%2C1415770%2C1416519%2C1413143%2C1418841%2C1384544%2C1410140%2C1411631%2C1412313%2C1412641%2C1412645%2C1412646%2C1412648%2C1261175"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name" : "USN-3544-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3544-1/"
},
{
"name" : "102786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102786"
},
{
"name" : "1040270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 58"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1413857%2C1412653%2C1418966%2C1427126%2C1412942%2C1401459%2C1364399%2C1382851%2C1423770%2C1401420%2C1281965%2C1389561%2C1409179%2C1416879%2C1421786%2C1426449%2C1416799%2C1400912%2C1415158%2C1415748%2C1415788%2C1371891%2C1415770%2C1416519%2C1413143%2C1418841%2C1384544%2C1410140%2C1411631%2C1412313%2C1412641%2C1412645%2C1412646%2C1412648%2C1261175",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1413857%2C1412653%2C1418966%2C1427126%2C1412942%2C1401459%2C1364399%2C1382851%2C1423770%2C1401420%2C1281965%2C1389561%2C1409179%2C1416879%2C1421786%2C1426449%2C1416799%2C1400912%2C1415158%2C1415748%2C1415788%2C1371891%2C1415770%2C1416519%2C1413143%2C1418841%2C1384544%2C1410140%2C1411631%2C1412313%2C1412641%2C1412645%2C1412646%2C1412648%2C1261175"
},
{
"name": "USN-3544-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"name": "102786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102786"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
}
]
}
}

286
2018/5xxx/CVE-2018-5104.json
View File

@ -1,145 +1,145 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.6"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.6"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "58"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free during font face manipulation"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.6"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "58"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name" : "DSA-4096",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4096"
},
{
"name" : "DSA-4102",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4102"
},
{
"name" : "RHSA-2018:0122",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"name" : "RHSA-2018:0262",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name" : "USN-3544-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3544-1/"
},
{
"name" : "102783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102783"
},
{
"name" : "1040270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free during font face manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-03/"
},
{
"name": "1040270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1262-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html"
},
{
"name": "102783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102783"
},
{
"name": "DSA-4096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4096"
},
{
"name": "RHSA-2018:0262",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0262"
},
{
"name": "USN-3544-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-04/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-04/"
},
{
"name": "RHSA-2018:0122",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0122"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name": "[debian-lts-announce] 20180124 [SECURITY] [DLA 1256-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html"
},
{
"name": "DSA-4102",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4102"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1425000"
}
]
}
}

140
2018/5xxx/CVE-2018-5691.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867",
"refsource" : "MISC",
"url" : "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"name" : "https://www.vulnerability-lab.com/get_content.php?id=1819",
"refsource" : "MISC",
"url" : "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003",
"refsource" : "CONFIRM",
"url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=1819",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=1819"
},
{
"name": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867",
"refsource": "MISC",
"url": "http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003"
}
]
}
}

180
2018/5xxx/CVE-2018-5800.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2018-5800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LibRaw",
"version" : {
"version_data" : [
{
"version_value" : "Prior to 0.18.7"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An off-by-one error within the \"LibRaw::kodak_ycbcr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS (Denial of Service) through heap-based buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2018-5800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibRaw",
"version": {
"version_data": [
{
"version_value": "Prior to 0.18.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt",
"refsource" : "MISC",
"url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"name" : "https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914",
"refsource" : "MISC",
"url" : "https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914"
},
{
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/",
"refsource" : "MISC",
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/"
},
{
"name" : "RHSA-2018:3065",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3065"
},
{
"name" : "USN-3615-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3615-1/"
},
{
"name" : "104663",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104663"
},
{
"name" : "79000",
"refsource" : "SECUNIA",
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/79000/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-by-one error within the \"LibRaw::kodak_ycbcr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS (Denial of Service) through heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/"
},
{
"name": "79000",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/79000/"
},
{
"name": "104663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104663"
},
{
"name": "https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914"
},
{
"name": "RHSA-2018:3065",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3065"
},
{
"name": "USN-3615-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3615-1/"
}
]
}
}