admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:19:17 +00:00
parent 087ae5b991
commit f34455c4d6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 2923 additions and 2923 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2008/0xxx/CVE-2008-0054.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0054",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0054",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an \"unexpected selector\" to be used."
"lang": "eng",
"value": "Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an \"unexpected selector\" to be used."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
"name": "macos-nsselectorfromstring-code-execution(41355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41355"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
"name": "28304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28304"
},
{
"name" : "TA08-079A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
"name": "TA08-079A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
},
{
"name" : "28341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28341"
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "28304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28304"
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "1019649",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019649"
"name": "28341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28341"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "macos-nsselectorfromstring-code-execution(41355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41355"
"name": "1019649",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019649"
}
]
}

80
2008/0xxx/CVE-2008-0284.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0284",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0284",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080110 Simple Machines Forum Cross-Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486074/100/0/threaded"
"name": "27218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27218"
},
{
"name" : "27218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27218"
"name": "simplemachinesforum-itemid-xss(39585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39585"
},
{
"name" : "3540",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3540"
"name": "3540",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3540"
},
{
"name" : "simplemachinesforum-itemid-xss(39585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39585"
"name": "20080110 Simple Machines Forum Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486074/100/0/threaded"
}
]
}

146
2008/0xxx/CVE-2008-0485.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0485",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0485",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag."
"lang": "eng",
"value": "Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487500/100/0/threaded"
"name": "ADV-2008-0406",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0406/references"
},
{
"name" : "20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060032.html"
"name": "http://www.mplayerhq.hu/design7/news.html",
"refsource": "CONFIRM",
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"name" : "http://www.coresecurity.com/?action=item&id=2102",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/?action=item&id=2102"
"name": "MDVSA-2008:045",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
},
{
"name" : "http://www.mplayerhq.hu/design7/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.mplayerhq.hu/design7/news.html"
"name": "28955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28955"
},
{
"name" : "DSA-1496",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1496"
"name": "1019299",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019299"
},
{
"name" : "GLSA-200803-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-16.xml"
"name": "28779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28779"
},
{
"name" : "MDVSA-2008:045",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:045"
"name": "20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060032.html"
},
{
"name" : "27499",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27499"
"name": "27499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27499"
},
{
"name" : "ADV-2008-0406",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0406/references"
"name": "29307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29307"
},
{
"name" : "1019299",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019299"
"name": "DSA-1496",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1496"
},
{
"name" : "28779",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28779"
"name": "20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487500/100/0/threaded"
},
{
"name" : "28956",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28956"
"name": "3607",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3607"
},
{
"name" : "28955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28955"
"name": "GLSA-200803-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-16.xml"
},
{
"name" : "29307",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29307"
"name": "http://www.coresecurity.com/?action=item&id=2102",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item&id=2102"
},
{
"name" : "3607",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3607"
"name": "28956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28956"
}
]
}

98
2008/1xxx/CVE-2008-1360.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1360",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1360",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.nagios.org/development/changelog.php#2x_branch",
"refsource" : "CONFIRM",
"url" : "http://www.nagios.org/development/changelog.php#2x_branch"
"name": "ADV-2008-0900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0900/references"
},
{
"name" : "MDVSA-2008:067",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067"
"name": "SUSE-SR:2008:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name" : "SUSE-SR:2008:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
"name": "MDVSA-2008:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067"
},
{
"name" : "28250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28250"
"name": "29363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29363"
},
{
"name" : "ADV-2008-0900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0900/references"
"name": "http://www.nagios.org/development/changelog.php#2x_branch",
"refsource": "CONFIRM",
"url": "http://www.nagios.org/development/changelog.php#2x_branch"
},
{
"name" : "29363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29363"
"name": "nagios-unspecified-xss(41210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210"
},
{
"name" : "nagios-unspecified-xss(41210)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210"
"name": "28250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28250"
}
]
}

74
2008/1xxx/CVE-2008-1964.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1964",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1964",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length."
"lang": "eng",
"value": "** DISPUTED ** Stack-based buffer overflow in the demux_nsf_send_headers function in src/demuxers/demux_nsf.c in xine-lib allows remote attackers to have an unknown impact via a long copyright field in an NSF header in an NES Sound file, a different issue than CVE-2008-1878. NOTE: a third party claims that the copyright field always has a safe length."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080423 Re: xine-lib NES Sound Format Demuxer Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491274/100/0/threaded"
"name": "28908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28908"
},
{
"name" : "20080423 xine-lib NES Sound Format Demuxer Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491248/100/0/threaded"
"name": "20080423 Re: xine-lib NES Sound Format Demuxer Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491274/100/0/threaded"
},
{
"name" : "28908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28908"
"name": "20080423 xine-lib NES Sound Format Demuxer Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491248/100/0/threaded"
}
]
}

110
2008/3xxx/CVE-2008-3019.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3019",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-3019",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the \"Malformed EPS Filter Vulnerability.\""
"lang": "eng",
"value": "Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the \"Malformed EPS Filter Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBST02360",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
"name": "MS08-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
},
{
"name" : "SSRT080117",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name" : "MS08-044",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "TA08-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
"name": "1020673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020673"
},
{
"name" : "30595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30595"
"name": "oval:org.mitre.oval:def:6122",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6122"
},
{
"name" : "oval:org.mitre.oval:def:6122",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6122"
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "ADV-2008-2348",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2348"
"name": "30595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30595"
},
{
"name" : "1020673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020673"
"name": "ADV-2008-2348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2348"
},
{
"name" : "31336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31336"
"name": "31336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31336"
}
]
}

86
2008/4xxx/CVE-2008-4075.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4075",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4075",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6430",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6430"
"name": "4249",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4249"
},
{
"name" : "31135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31135"
"name": "31135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31135"
},
{
"name" : "31808",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31808"
"name": "discussionboard-index-file-include(45063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45063"
},
{
"name" : "4249",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4249"
"name": "31808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31808"
},
{
"name" : "discussionboard-index-file-include(45063)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45063"
"name": "6430",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6430"
}
]
}

74
2008/4xxx/CVE-2008-4379.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4379",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4379",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6403",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6403"
"name": "6403",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6403"
},
{
"name" : "4336",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4336"
"name": "4336",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4336"
},
{
"name" : "hotlinks-report-xss(44992)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44992"
"name": "hotlinks-report-xss(44992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44992"
}
]
}

74
2013/2xxx/CVE-2013-2328.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2328",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2328",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636."
"lang": "eng",
"value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBMU02883",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
"name": "SSRT101227",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
},
{
"name" : "SSRT101048",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
"name": "SSRT101048",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
},
{
"name" : "SSRT101227",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
"name": "HPSBMU02883",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
}
]
}

22
2013/2xxx/CVE-2013-2667.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2667",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2667",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2013/2xxx/CVE-2013-2835.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2835",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2835",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834."
"lang": "eng",
"value": "Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html"
"name": "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=196456",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=196456"
"name": "https://code.google.com/p/chromium/issues/detail?id=196456",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=196456"
}
]
}

22
2013/3xxx/CVE-2013-3013.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3013",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3013",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/3xxx/CVE-2013-3074.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3074",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3074",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2013/3xxx/CVE-2013-3385.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3385",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3385",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669."
"lang": "eng",
"value": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
"name": "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
},
{
"name" : "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
"name": "20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"
},
{
"name" : "20130626 Multiple Vulnerabilities in Cisco Web Security Appliance",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"
"name": "20130626 Multiple Vulnerabilities in Cisco Email Security Appliance",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"
}
]
}

68
2013/3xxx/CVE-2013-3764.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3764",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3764",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "1028801",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028801"
"name": "1028801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028801"
}
]
}

68
2013/3xxx/CVE-2013-3923.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3923",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3923",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request."
"lang": "eng",
"value": "Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-034.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-034.txt"
"name": "wifihdfree-cve20133923-dir-traversal(89172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89172"
},
{
"name" : "wifihdfree-cve20133923-dir-traversal(89172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89172"
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-034.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-034.txt"
}
]
}

22
2013/4xxx/CVE-2013-4010.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4010",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4010",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/6xxx/CVE-2013-6102.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6102",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6102",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6512.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6512",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6512",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6540.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6540",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6540",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6598.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6598",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6598",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6927.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6927",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6927",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2013/7xxx/CVE-2013-7291.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7291",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7291",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an \"unbounded key print\" during logging, related to an issue that was \"quickly grepped out of the source tree,\" a different vulnerability than CVE-2013-0179 and CVE-2013-7290."
"lang": "eng",
"value": "memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an \"unbounded key print\" during logging, related to an issue that was \"quickly grepped out of the source tree,\" a different vulnerability than CVE-2013-0179 and CVE-2013-7290."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://code.google.com/p/memcached/issues/detail?id=306",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/memcached/issues/detail?id=306"
"name": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"
},
{
"name" : "https://code.google.com/p/memcached/wiki/ReleaseNotes1417",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/memcached/wiki/ReleaseNotes1417"
"name": "64989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64989"
},
{
"name" : "64989",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64989"
"name": "https://code.google.com/p/memcached/issues/detail?id=306",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/memcached/issues/detail?id=306"
}
]
}

104
2017/10xxx/CVE-2017-10410.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10410",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10410",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Knowledge Management",
"version" : {
"version_data" : [
"product_name": "Knowledge Management",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.1"
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "101340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101340"
},
{
"name" : "101340",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101340"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "1039592",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039592"
"name": "1039592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039592"
}
]
}

92
2017/10xxx/CVE-2017-10912.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10912",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10912",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217."
"lang": "eng",
"value": "Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://xenbits.xen.org/xsa/advisory-217.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-217.html"
"name": "GLSA-201708-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-03"
},
{
"name" : "DSA-3969",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3969"
"name": "DSA-3969",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3969"
},
{
"name" : "GLSA-201708-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-03"
"name": "99158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99158"
},
{
"name" : "GLSA-201710-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-17"
"name": "1038721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038721"
},
{
"name" : "99158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99158"
"name": "https://xenbits.xen.org/xsa/advisory-217.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-217.html"
},
{
"name" : "1038721",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038721"
"name": "GLSA-201710-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-17"
}
]
}

68
2017/13xxx/CVE-2017-13831.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-13831",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13831",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name" : "1039710",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039710"
"name": "1039710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039710"
}
]
}

62
2017/14xxx/CVE-2017-14240.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14240",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14240",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter."
"lang": "eng",
"value": "There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548",
"refsource" : "CONFIRM",
"url" : "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548"
"name": "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548",
"refsource": "CONFIRM",
"url": "https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548"
}
]
}

74
2017/14xxx/CVE-2017-14990.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14990",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14990",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability)."
"lang": "eng",
"value": "WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://core.trac.wordpress.org/ticket/38474",
"refsource" : "MISC",
"url" : "https://core.trac.wordpress.org/ticket/38474"
"name": "DSA-3997",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3997"
},
{
"name" : "DSA-3997",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3997"
"name": "1039554",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039554"
},
{
"name" : "1039554",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039554"
"name": "https://core.trac.wordpress.org/ticket/38474",
"refsource": "MISC",
"url": "https://core.trac.wordpress.org/ticket/38474"
}
]
}

70
2017/17xxx/CVE-2017-17031.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@qnapsecurity.com.tw",
"DATE_PUBLIC" : "2017-12-15T00:00:00",
"ID" : "CVE-2017-17031",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2017-12-15T00:00:00",
"ID": "CVE-2017-17031",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "QTS Password function",
"version" : {
"version_data" : [
"product_name": "QTS Password function",
"version": {
"version_data": [
{
"version_value" : "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier"
"version_value": "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier"
}
]
}
}
]
},
"vendor_name" : "QNAP"
"vendor_name": "QNAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices."
"lang": "eng",
"value": "A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Buffer Overflow"
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
"name": "1040018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040018"
},
{
"name" : "1040018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040018"
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
}
]
}

62
2017/17xxx/CVE-2017-17465.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17465",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17465",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request."
"lang": "eng",
"value": "K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/K7-Antivirus/K7Anti_Nullptr_Dereference_0x95002574",
"refsource" : "MISC",
"url" : "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/K7-Antivirus/K7Anti_Nullptr_Dereference_0x95002574"
"name": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/K7-Antivirus/K7Anti_Nullptr_Dereference_0x95002574",
"refsource": "MISC",
"url": "https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/K7-Antivirus/K7Anti_Nullptr_Dereference_0x95002574"
}
]
}

22
2017/17xxx/CVE-2017-17546.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17546",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17546",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2017/17xxx/CVE-2017-17905.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17905",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17905",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php."
"lang": "eng",
"value": "PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Car-Rental-Script.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Car-Rental-Script.md"
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Car-Rental-Script.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Car-Rental-Script.md"
}
]
}

22
2017/17xxx/CVE-2017-17918.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17918",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17918",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/9xxx/CVE-2017-9081.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9081",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9081",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2017/9xxx/CVE-2017-9484.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9484",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9484",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations."
"lang": "eng",
"value": "The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-27.ipv6-cm-mac-leak.txt",
"refsource" : "MISC",
"url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-27.ipv6-cm-mac-leak.txt"
"name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-27.ipv6-cm-mac-leak.txt",
"refsource": "MISC",
"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-27.ipv6-cm-mac-leak.txt"
}
]
}

80
2017/9xxx/CVE-2017-9610.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9610",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9610",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document."
"lang": "eng",
"value": "The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06"
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698025",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698025"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698025",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698025"
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
"name": "99976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99976"
},
{
"name" : "99976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99976"
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06"
}
]
}

148
2018/0xxx/CVE-2018-0032.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0032",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: RPD crash when receiving a crafted BGP UPDATE"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID": "CVE-2018-0032",
"STATE": "PUBLIC",
"TITLE": "Junos OS: RPD crash when receiving a crafted BGP UPDATE"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected" : "<",
"version_name" : "16.1X65",
"version_value" : "16.1X65-D47"
"affected": "<",
"version_name": "16.1X65",
"version_value": "16.1X65-D47"
},
{
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D91, 17.2X75-D110"
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D91, 17.2X75-D110"
},
{
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2"
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2"
},
{
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S3, 17.4R2"
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."
"lang": "eng",
"value": "The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2."
}
]
},
"exploit" : [
"exploit": [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service"
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/JSA10866",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10866"
"name": "1041337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041337"
},
{
"name" : "1041337",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041337"
"name": "https://kb.juniper.net/JSA10866",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10866"
}
]
},
"solution" : [
"solution": [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 16.1X65-D47, 17.2X75-D110, 17.2X75-D91, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1X65-D47, 17.2X75-D110, 17.2X75-D91, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10866",
"defect" : [
"source": {
"advisory": "JSA10866",
"defect": [
"1327708"
],
"discovery" : "INTERNAL"
"discovery": "INTERNAL"
},
"work_around" : [
"work_around": [
{
"lang" : "eng",
"value" : "There are no known workarounds for this issue"
"lang": "eng",
"value": "There are no known workarounds for this issue"
}
]
}

62
2018/0xxx/CVE-2018-0540.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0540",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0540",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ViX",
"version" : {
"version_data" : [
"product_name": "ViX",
"version": {
"version_data": [
{
"version_value" : "version 2.21.148.0"
"version_value": "version 2.21.148.0"
}
]
}
}
]
},
"vendor_name" : "K_OKADA"
"vendor_name": "K_OKADA"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
"lang": "eng",
"value": "Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#56764650",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN56764650/index.html"
"name": "JVN#56764650",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN56764650/index.html"
}
]
}

76
2018/0xxx/CVE-2018-0939.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0939",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0939",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ChakraCore, Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "ChakraCore, Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Microsoft Windows 10 1703 and 1709."
"version_value": "Microsoft Windows 10 1703 and 1709."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0891."
"lang": "eng",
"value": "ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0891."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0939",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0939"
"name": "103305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103305"
},
{
"name" : "103305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103305"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0939",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0939"
},
{
"name" : "1040507",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040507"
"name": "1040507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040507"
}
]
}

66
2018/1000xxx/CVE-2018-1000113.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-02-26",
"ID" : "CVE-2018-1000113",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-26",
"ID": "CVE-2018-1000113",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Jenkins TestLink Plugin",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "3.12 and older"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript"
"lang": "eng",
"value": "A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-79"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731"
"name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-731"
}
]
}

72
2018/1000xxx/CVE-2018-1000420.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.683653",
"ID" : "CVE-2018-1000420",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-28T04:34:37.683653",
"ID": "CVE-2018-1000420",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Jenkins Mesos Plugin",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "0.17.1 and earlier"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins."
"lang": "eng",
"value": "An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-285, CWE-200"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)"
"name": "106532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106532"
},
{
"name" : "106532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106532"
"name": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)"
}
]
}

68
2018/19xxx/CVE-2018-19288.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19288",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19288",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API."
"lang": "eng",
"value": "Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource" : "MISC",
"url" : "https://www.manageengine.com/network-monitoring/help/read-me.html"
"name": "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/network-monitoring/help/read-me.html"
},
{
"name" : "105960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105960"
"name": "105960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105960"
}
]
}

62
2018/19xxx/CVE-2018-19654.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19654",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19654",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists."
"lang": "eng",
"value": "An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/Venan24/SCMS/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/Venan24/SCMS/issues/1"
"name": "https://github.com/Venan24/SCMS/issues/1",
"refsource": "MISC",
"url": "https://github.com/Venan24/SCMS/issues/1"
}
]
}

62
2018/19xxx/CVE-2018-19756.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19756",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19756",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service."
"lang": "eng",
"value": "There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649198",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649198"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649198",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649198"
}
]
}

68
2018/19xxx/CVE-2018-19811.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19811",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19811",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/Import.jsp\" has reflected XSS via the ConnPoolName parameter."
"lang": "eng",
"value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/Import.jsp\" has reflected XSS via the ConnPoolName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/20"
"name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
},
{
"name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
"name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/20"
}
]
}

74
2018/19xxx/CVE-2018-19862.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19862",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19862",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued."
"lang": "eng",
"value": "Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "45999",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45999/"
"name": "http://packetstormsecurity.com/files/150689/MiniShare-1.4.1-HEAD-POST-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150689/MiniShare-1.4.1-HEAD-POST-Buffer-Overflow.html"
},
{
"name" : "20181207 [CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/19"
"name": "45999",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45999/"
},
{
"name" : "http://packetstormsecurity.com/files/150689/MiniShare-1.4.1-HEAD-POST-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150689/MiniShare-1.4.1-HEAD-POST-Buffer-Overflow.html"
"name": "20181207 [CVE-2018-19861, CVE-2018-19862] Buffer overflow in MiniShare 1.4.1 HEAD and POST method",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/19"
}
]
}

76
2018/1xxx/CVE-2018-1259.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-05-09T00:00:00",
"ID" : "CVE-2018-1259",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-09T00:00:00",
"ID": "CVE-2018-1259",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Spring Data Commons",
"version" : {
"version_data" : [
"product_name": "Spring Data Commons",
"version": {
"version_data": [
{
"version_value" : "1.13 prior to 1.13.12; 2.0 prior to 2.0.7"
"version_value": "1.13 prior to 1.13.12; 2.0 prior to 2.0.7"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system."
"lang": "eng",
"value": "Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "XML Parsing"
"lang": "eng",
"value": "XML Parsing"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://pivotal.io/security/cve-2018-1259",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-1259"
"name": "https://pivotal.io/security/cve-2018-1259",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1259"
},
{
"name" : "RHSA-2018:1809",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1809"
"name": "RHSA-2018:1809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1809"
},
{
"name" : "RHSA-2018:3768",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3768"
"name": "RHSA-2018:3768",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
}
]
}

104
2018/1xxx/CVE-2018-1757.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-27T00:00:00",
"ID" : "CVE-2018-1757",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-27T00:00:00",
"ID": "CVE-2018-1757",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Security Identity Governance and Intelligence",
"version" : {
"version_data" : [
"product_name": "Security Identity Governance and Intelligence",
"version": {
"version_data": [
{
"version_value" : "5.2.3.2"
"version_value": "5.2.3.2"
},
{
"version_value" : "5.2.4"
"version_value": "5.2.4"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601."
"lang": "eng",
"value": "IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. IBM X-Force ID: 148601."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.300",
"UI" : "N"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "5.300",
"UI": "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Obtain Information"
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10728883"
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10728883",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728883"
},
{
"name" : "ibm-sig-cve20181757-info-disc(148601)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148601"
"name": "ibm-sig-cve20181757-info-disc(148601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148601"
}
]
}

22
2018/4xxx/CVE-2018-4599.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4599",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4599",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4678.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4678",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4678",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}