"-Synchronized-Data."

CVE Team 2019-03-18 03:24:33 +00:00
parent 35128cf82e
commit f59ba2a523
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3871 additions and 3817 deletions


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0541", "ID": "CVE-2004-0541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password (\"pass\" variable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities" "lang": "eng",
}, "value": "Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password (\"pass\" variable)."
{ }
"name" : "FLSA-2006:152809", ]
"refsource" : "FEDORA", },
"url" : "http://fedoranews.org/updates/FEDORA--.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200406-13", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2004:242", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2004-242.html" ]
}, },
{ "references": {
"name" : "MDKSA-2004:059", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059" "name": "oval:org.mitre.oval:def:10722",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722"
"name" : "2004-0033", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.net/errata/2004/0033/" "name": "RHSA-2004:242",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-242.html"
"name" : "20040604-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc" "name": "GLSA-200406-13",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml"
"name" : "10500", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10500" "name": "MDKSA-2004:059",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059"
"name" : "oval:org.mitre.oval:def:10722", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10722" "name": "FLSA-2006:152809",
}, "refsource": "FEDORA",
{ "url": "http://fedoranews.org/updates/FEDORA--.shtml"
"name" : "squid-ntlm-bo(16360)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16360" "name": "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities",
}, "refsource": "MISC",
{ "url": "http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities"
"name" : "oval:org.mitre.oval:def:980", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980" "name": "squid-ntlm-bo(16360)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16360"
} },
} {
"name": "10500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10500"
},
{
"name": "20040604-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc"
},
{
"name": "2004-0033",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0033/"
},
{
"name": "oval:org.mitre.oval:def:980",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A980"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0588", "ID": "CVE-2004-0588",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108781564518287&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
{ }
"name" : "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html", ]
"refsource" : "MISC", },
"url" : "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200406-15", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10521", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/10521" ]
}, },
{ "references": {
"name" : "usermin-email-xss(16494)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494" "name": "GLSA-200406-15",
} "refsource": "GENTOO",
] "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
} },
} {
"name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108781564518287&w=2"
},
{
"name": "10521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10521"
},
{
"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
},
{
"name": "usermin-email-xss(16494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1512", "ID": "CVE-2004-1512",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041110 04WebServer Three Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110012542615484&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page."
{ }
"name" : "20041115 Re: 04WebServer Three Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110054395311823&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.security.org.sg/vuln/04webserver142.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.security.org.sg/vuln/04webserver142.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.soft3304.net/04WebServer/Security.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.soft3304.net/04WebServer/Security.html" ]
}, },
{ "references": {
"name" : "11652", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11652" "name": "11652",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11652"
"name" : "13159", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13159/" "name": "04webserver-error-xss(18033)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18033"
"name" : "04webserver-error-xss(18033)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18033" "name": "20041110 04WebServer Three Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=110012542615484&w=2"
} },
} {
"name": "http://www.soft3304.net/04WebServer/Security.html",
"refsource": "CONFIRM",
"url": "http://www.soft3304.net/04WebServer/Security.html"
},
{
"name": "http://www.security.org.sg/vuln/04webserver142.html",
"refsource": "MISC",
"url": "http://www.security.org.sg/vuln/04webserver142.html"
},
{
"name": "20041115 Re: 04WebServer Three Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110054395311823&w=2"
},
{
"name": "13159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13159/"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1674", "ID": "CVE-2004-1674",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109483971420067&w=2" "lang": "eng",
}, "value": "viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter."
{ }
"name" : "11371", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11371" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12789", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12789" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "merak-icewarp-file-deletion(17976)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17976" ]
} },
] "references": {
} "reference_data": [
} {
"name": "merak-icewarp-file-deletion(17976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17976"
},
{
"name": "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109483971420067&w=2"
},
{
"name": "12789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12789"
},
{
"name": "11371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11371"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1714", "ID": "CVE-2004-1714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040811 BlackICE unprivileged local user attack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109223751031166&w=2" "lang": "eng",
}, "value": "BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule."
{ }
"name" : "20040811 ISS BlackIce Server Protect Unprivileged User Attack", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10915", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10915" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "blackice-firewall-dos(16959)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16959" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20040811 ISS BlackIce Server Protect Unprivileged User Attack",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html"
},
{
"name": "10915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10915"
},
{
"name": "20040811 BlackICE unprivileged local user attack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109223751031166&w=2"
},
{
"name": "blackice-firewall-dos(16959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16959"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3039", "ID": "CVE-2008-3039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" "lang": "eng",
}, "value": "SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "30054", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30054" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "damfrontend-sql-injection(43477)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43477" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/"
},
{
"name": "30054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30054"
},
{
"name": "damfrontend-sql-injection(43477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43477"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3415", "ID": "CVE-2008-3415",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6142", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6142" "lang": "eng",
}, "value": "Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences."
{ }
"name" : "http://www.cmscout.co.za/index.php?page=news&id=29", ]
"refsource" : "CONFIRM", },
"url" : "http://www.cmscout.co.za/index.php?page=news&id=29" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30385", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30385" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2218", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2218/references" ]
}, },
{ "references": {
"name" : "31243", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31243" "name": "31243",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31243"
"name" : "4093", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4093" "name": "http://www.cmscout.co.za/index.php?page=news&id=29",
}, "refsource": "CONFIRM",
{ "url": "http://www.cmscout.co.za/index.php?page=news&id=29"
"name" : "cmscout-common-file-include(44017)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44017" "name": "4093",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4093"
} },
} {
"name": "cmscout-common-file-include(44017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44017"
},
{
"name": "ADV-2008-2218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2218/references"
},
{
"name": "30385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30385"
},
{
"name": "6142",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6142"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3498", "ID": "CVE-2008-3498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5939", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5939" "lang": "eng",
}, "value": "SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html", ]
"refsource" : "MISC", },
"url" : "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29951", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29951" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30752", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30752" ]
}, },
{ "references": {
"name" : "4114", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4114" "name": "30752",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30752"
"name" : "ADV-2008-1948", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1948/references" "name": "5939",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5939"
"name" : "nbill-index-sql-injection(43369)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369" "name": "29951",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/29951"
} },
} {
"name": "4114",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4114"
},
{
"name": "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html",
"refsource": "MISC",
"url": "http://www.nbill.co.uk/forum-smf/index.php/topic,716.0.html"
},
{
"name": "ADV-2008-1948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1948/references"
},
{
"name": "nbill-index-sql-injection(43369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43369"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4193", "ID": "CVE-2008-4193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5718", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5718" "lang": "eng",
}, "value": "Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter."
{ }
"name" : "5827", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5827" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://files.altn.com/securitygateway/release/relnotes_en.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://files.altn.com/securitygateway/release/relnotes_en.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29457", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/29457" ]
}, },
{ "references": {
"name" : "1020156", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020156" "name": "5827",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5827"
"name" : "30497", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30497" "name": "5718",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5718"
"name" : "4302", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4302" "name": "securitygateway-webinterface-bo(42769)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42769"
"name" : "ADV-2008-1717", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1717/references" "name": "http://files.altn.com/securitygateway/release/relnotes_en.htm",
}, "refsource": "CONFIRM",
{ "url": "http://files.altn.com/securitygateway/release/relnotes_en.htm"
"name" : "securitygateway-webinterface-bo(42769)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42769" "name": "ADV-2008-1717",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1717/references"
} },
} {
"name": "30497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30497"
},
{
"name": "29457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29457"
},
{
"name": "1020156",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020156"
},
{
"name": "4302",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4302"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-4274", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-4274",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4320", "ID": "CVE-2008-4320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2631", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2631" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, (2) the username parameter to notification/list.jsp, and (3) the filter parameter to event/list."
{ }
"name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2633", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2633" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2634", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2634" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257", ]
"refsource" : "CONFIRM", }
"url" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257" ]
}, },
{ "references": {
"name" : "31410", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31410" "name": "http://bugzilla.opennms.org/show_bug.cgi?id=2633",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.opennms.org/show_bug.cgi?id=2633"
"name" : "32019", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32019" "name": "http://bugzilla.opennms.org/show_bug.cgi?id=2634",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.opennms.org/show_bug.cgi?id=2634"
"name" : "opennms-jacegisecuritycheck-xss(45417)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45417" "name": "31410",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/31410"
} },
} {
"name": "32019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32019"
},
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2631",
"refsource": "CONFIRM",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2631"
},
{
"name": "opennms-jacegisecuritycheck-xss(45417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45417"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html#d788e257"
}
]
}
}


@ -1,222 +1,222 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4546", "ID": "CVE-2008-4546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496929/100/0/threaded" "lang": "eng",
}, "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers."
{ }
"name" : "http://www.mochimedia.com/~matthew/flashcrash/", ]
"refsource" : "MISC", },
"url" : "http://www.mochimedia.com/~matthew/flashcrash/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4435", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4435" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-11-10-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "4401",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4401"
"name" : "GLSA-201101-09", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" "name": "ADV-2011-0192",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0192"
"name" : "HPSBMA02547", },
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" "name": "ADV-2010-1421",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1421"
"name" : "SSRT100179", },
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "RHSA-2010:0464", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" "name": "40545",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40545"
"name" : "RHSA-2010:0470", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" "name": "RHSA-2010:0464",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
"name" : "SUSE-SR:2008:025", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" "name": "ADV-2010-1793",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1793"
"name" : "SUSE-SA:2010:024", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" "name": "43026",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43026"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "ADV-2010-1432",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1432"
"name" : "TLSA-2010-19", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" "name": "GLSA-201101-09",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
"name" : "TA10-162A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" "name": "TA10-162A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
"name" : "31537", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31537" "name": "oval:org.mitre.oval:def:7187",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187"
"name" : "oval:org.mitre.oval:def:7187", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "oval:org.mitre.oval:def:16302", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302" "name": "1024085",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024085"
"name" : "1024085", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024085" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "1024086", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024086" "name": "1024086",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024086"
"name" : "32759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32759" "name": "20081002 Adobe Flash Player plug-in null pointer dereference and browser crash",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/496929/100/0/threaded"
"name" : "40545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40545" "name": "ADV-2010-1434",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1434"
"name" : "43026", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43026" "name": "adobe-flash-version-dos(45630)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630"
"name" : "4401", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4401" "name": "TLSA-2010-19",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
"name" : "ADV-2010-1453", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1453" "name": "http://www.mochimedia.com/~matthew/flashcrash/",
}, "refsource": "MISC",
{ "url": "http://www.mochimedia.com/~matthew/flashcrash/"
"name" : "ADV-2010-1421", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1421" "name": "SSRT100179",
}, "refsource": "HP",
{ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
"name" : "ADV-2010-1432", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1432" "name": "SUSE-SA:2010:024",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
"name" : "ADV-2010-1434", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1434" "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
"name" : "ADV-2010-1482", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1482" "name": "32759",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32759"
"name" : "ADV-2010-1522", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1522" "name": "RHSA-2010:0470",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
"name" : "ADV-2010-1793", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1793" "name": "ADV-2010-1482",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1482"
"name" : "ADV-2011-0192", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0192" "name": "oval:org.mitre.oval:def:16302",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302"
"name" : "adobe-flash-version-dos(45630)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45630" "name": "HPSBMA02547",
} "refsource": "HP",
] "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
} },
} {
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "31537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31537"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4790", "ID": "CVE-2008-4790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read \"files attached to content\" via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081021 CVE req: drupal < 5.11/6.5", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/21/7" "lang": "eng",
}, "value": "The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read \"files attached to content\" via unknown vectors."
{ }
"name" : "http://drupal.org/node/318706", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/318706" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32200", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32200" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32198", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32198" ]
}, },
{ "references": {
"name" : "drupal-uploadmodule-security-bypass(45758)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45758" "name": "32198",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32198"
} },
} {
"name": "http://drupal.org/node/318706",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/318706"
},
{
"name": "32200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32200"
},
{
"name": "drupal-uploadmodule-security-bypass(45758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45758"
},
{
"name": "[oss-security] 20081021 CVE req: drupal < 5.11/6.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/21/7"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6309", "ID": "CVE-2008-6309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7166", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7166" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "32368", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32368" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32783", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32783" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-3217", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/3217" ]
}, },
{ "references": {
"name" : "askpert-index-sql-injection(46732)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46732" "name": "32783",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32783"
} },
} {
"name": "32368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32368"
},
{
"name": "ADV-2008-3217",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3217"
},
{
"name": "7166",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7166"
},
{
"name": "askpert-index-sql-injection(46732)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46732"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6370", "ID": "CVE-2008-6370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7244", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7244" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter."
{ }
"name" : "32503", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32503" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50317", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50317" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32903", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32903" ]
}, },
{ "references": {
"name" : "contactmanager-default-xss(46962)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46962" "name": "32903",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32903"
} },
} {
"name": "7244",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7244"
},
{
"name": "32503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32503"
},
{
"name": "contactmanager-default-xss(46962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46962"
},
{
"name": "50317",
"refsource": "OSVDB",
"url": "http://osvdb.org/50317"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6814", "ID": "CVE-2008-6814",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6868", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6868" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528."
{ }
"name" : "31981", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31981" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "simpleboard-imageupload-file-upload(46223)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "simpleboard-imageupload-file-upload(46223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46223"
},
{
"name": "6868",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6868"
},
{
"name": "31981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31981"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6908", "ID": "CVE-2008-6908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/348295", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/348295" "lang": "eng",
}, "value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges."
{ }
"name" : "32894", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32894" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50743", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50743" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "services-insecure-hash-weak-security(47458)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458" ]
} },
] "references": {
} "reference_data": [
} {
"name": "50743",
"refsource": "OSVDB",
"url": "http://osvdb.org/50743"
},
{
"name": "32894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32894"
},
{
"name": "http://drupal.org/node/348295",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/348295"
},
{
"name": "services-insecure-hash-weak-security(47458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47458"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7039", "ID": "CVE-2008-7039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://osvdb.org/ref/44/gelato-cms-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://osvdb.org/ref/44/gelato-cms-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information."
{ }
"name" : "27587", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27587" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44310", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44310" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "gelato-comments-xss(40264)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40264" ]
} },
] "references": {
} "reference_data": [
} {
"name": "44310",
"refsource": "OSVDB",
"url": "http://osvdb.org/44310"
},
{
"name": "27587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27587"
},
{
"name": "gelato-comments-xss(40264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40264"
},
{
"name": "http://osvdb.org/ref/44/gelato-cms-xss.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/44/gelato-cms-xss.txt"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7143", "ID": "CVE-2008-7143",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080318 phpBB 2.0.23 Session Hijacking Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489815/100/0/threaded" "lang": "eng",
}, "value": "phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header."
{ }
"name" : "51121", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/51121" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51121",
"refsource": "OSVDB",
"url": "http://osvdb.org/51121"
},
{
"name": "20080318 phpBB 2.0.23 Session Hijacking Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489815/100/0/threaded"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7268", "ID": "CVE-2008-7268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081023 SiteEngine 5.x Multiple Remote Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/497747/100/0/threaded" "lang": "eng",
}, "value": "The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php."
{ }
"name" : "6823", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/6823" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32404", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32404" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "siteengine-misc-information-disclosure(46180)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46180" ]
} },
] "references": {
} "reference_data": [
} {
"name": "6823",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6823"
},
{
"name": "siteengine-misc-information-disclosure(46180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46180"
},
{
"name": "32404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32404"
},
{
"name": "20081023 SiteEngine 5.x Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497747/100/0/threaded"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2428", "ID": "CVE-2013-2428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427."
{ }
"name" : "RHSA-2013:0757", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA13-107A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:16416", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16416" ]
} },
] "references": {
} "reference_data": [
} {
"name": "oval:org.mitre.oval:def:16416",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16416"
},
{
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
}
]
}
}
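Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2013-2428 changes from `cve@mitre.org` to `secalert_us@oracle.com` (reading the left column as the old side), while the rest of this section is key-spacing normalisation and a reordering of `reference_data`, and the commit message says only "Synchronized-Data". A provenance field changing inside a 58-file formatting diff is easy to miss for anyone auditing which CNA is recorded as the assigner. The same pattern appears in the CVE-2013-6397 section (`cve@mitre.org` to `secalert@redhat.com`). Landing the spacing change separately from the field updates, or naming the reassigned records in the commit message, would keep the semantic changes reviewable.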


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2489", "ID": "CVE-2013-2489",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2548", "ID": "CVE-2013-2548",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13" "lang": "eng",
}, "value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2013:176", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1971", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" "name": "USN-1796-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1796-1"
"name" : "USN-1793-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1793-1" "name": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
"name" : "USN-1794-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1794-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
"name" : "USN-1795-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1795-1" "name": "MDVSA-2013:176",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"name" : "USN-1796-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1796-1" "name": "USN-1797-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1797-1"
"name" : "USN-1797-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1797-1" "name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
} },
} {
"name": "USN-1793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2766", "ID": "CVE-2013-2766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.splunk.com/view/SP-CAAAHSQ", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAHSQ" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "59038", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/59038" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1028371", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028371" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.splunk.com/view/SP-CAAAHSQ",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAHSQ"
},
{
"name": "1028371",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028371"
},
{
"name": "59038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59038"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6397", "ID": "CVE-2013-6397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/11/27/1" "lang": "eng",
}, "value": "Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries."
{ }
"name" : "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html", ]
"refsource" : "MISC", },
"url" : "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://lucene.apache.org/solr/4_6_0/changes/Changes.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://lucene.apache.org/solr/4_6_0/changes/Changes.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://issues.apache.org/jira/browse/SOLR-4882", ]
"refsource" : "CONFIRM", }
"url" : "https://issues.apache.org/jira/browse/SOLR-4882" ]
}, },
{ "references": {
"name" : "RHSA-2013:1844", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1844.html" "name": "63935",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/63935"
"name" : "RHSA-2014:0029", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0029.html" "name": "RHSA-2014:0029",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
"name" : "63935", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63935" "name": "https://issues.apache.org/jira/browse/SOLR-4882",
}, "refsource": "CONFIRM",
{ "url": "https://issues.apache.org/jira/browse/SOLR-4882"
"name" : "55730", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55730" "name": "[oss-security] 20131126 Re: CVE request: Apache Solr 4.6.0",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/11/27/1"
"name" : "59372", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59372" "name": "55730",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/55730"
} },
} {
"name": "RHSA-2013:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
},
{
"name": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html",
"refsource": "CONFIRM",
"url": "http://lucene.apache.org/solr/4_6_0/changes/Changes.html"
},
{
"name": "59372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59372"
},
{
"name": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html",
"refsource": "MISC",
"url": "http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6528", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6528",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10969", "ID": "CVE-2017-10969",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-11225", "ID": "CVE-2017-11225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 27.0.0.183 and earlier versions", "product_name": "Adobe Flash Player 27.0.0.183 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 27.0.0.183 and earlier versions" "version_value": "Adobe Flash Player 27.0.0.183 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "GLSA-201711-13", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201711-13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:3222", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3222" "lang": "eng",
}, "value": "Use After Free"
{ }
"name" : "101837", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/101837" ]
}, },
{ "references": {
"name" : "1039778", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039778" "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html",
} "refsource": "CONFIRM",
] "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html"
} },
} {
"name": "RHSA-2017:3222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3222"
},
{
"name": "GLSA-201711-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-13"
},
{
"name": "101837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101837"
},
{
"name": "1039778",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039778"
}
]
}
}
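Review bot: The affected-product fields for CVE-2017-11225 are still not machine-matchable after this sync: `product_name` and `version_value` both hold the prose string `Adobe Flash Player 27.0.0.183 and earlier versions`, and `vendor_name` is `n/a` although the assigner is `psirt@adobe.com`. Tooling that matches an asset inventory against `vendor_name`/`product_name` would likely skip this record. The CVE-2017-11275 record in the same commit shows the expected shape (`"vendor_name": "Adobe Systems Incorporated"`, with product and version split); here that would be `"product_name": "Adobe Flash Player"` and `"version_value": "27.0.0.183 and earlier versions"`.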


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-11275", "ID": "CVE-2017-11275",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Digital Editions", "product_name": "Digital Editions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.5.4 and earlier." "version_value": "4.5.4 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe Systems Incorporated" "vendor_name": "Adobe Systems Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html" "lang": "eng",
}, "value": "Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "100244", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100244" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039100", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039100" "lang": "eng",
} "value": "Heap Overflow"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039100"
},
{
"name": "100244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100244"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11739", "ID": "CVE-2017-11739",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14146", "ID": "CVE-2017-14146",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\\app\\uploads\\helpdezk\\attachments\\ directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md" "lang": "eng",
} "value": "HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\\app\\uploads\\helpdezk\\attachments\\ directory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md",
"refsource": "MISC",
"url": "https://github.com/M4ple/vulnerability/blob/master/helpdezk_file_upload/helpdezk_file_upload.md"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14680", "ID": "CVE-2017-14680",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/bugtraq/2017/Sep/20", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/bugtraq/2017/Sep/20" "lang": "eng",
}, "value": "ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document."
{ }
"name" : "http://seclists.org/fulldisclosure/2017/Sep/39", ]
"refsource" : "MISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Sep/39" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/bugtraq/2017/Sep/20",
"refsource": "MISC",
"url": "http://seclists.org/bugtraq/2017/Sep/20"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Sep/39",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/39"
}
]
}
}


@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00.000Z", "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID" : "CVE-2017-14800", "ID": "CVE-2017-14800",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Reflected xss on Access Manager iManager UI" "TITLE": "Reflected xss on Access Manager iManager UI"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Access Manager", "product_name": "Access Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "4.3", "version_name": "4.3",
"version_value" : "4.3.3" "version_value": "4.3.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetIQ" "vendor_name": "NetIQ"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "reflected cross site scripting attack"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.novell.com/support/kb/doc.php?id=7022356", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.novell.com/support/kb/doc.php?id=7022356" "lang": "eng",
} "value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
] }
}, ]
"source" : { },
"advisory" : "7022356", "impact": {
"discovery" : "UNKNOWN" "cvss": {
} "attackComplexity": "LOW",
} "attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site scripting attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022356",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
]
},
"source": {
"advisory": "7022356",
"discovery": "UNKNOWN"
}
}
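Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@microfocus.com` to `security@suse.com`, while every other visible edit to this record only changes the spacing before colons, so the change is easy to miss under a "Synchronized-Data" message. The record still names `NetIQ` as vendor and cites a novell.com advisory as `CONFIRM`, so tooling that attributes or routes CVE-2017-14800 by assigner address would now resolve to a different CNA than the vendor data suggests. If the reassignment is intended, it would be better in its own commit with a message that says so; if it is not, the line should stay `"ASSIGNER": "security@microfocus.com",`.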


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14947", "ID": "CVE-2017-14947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698551", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698551" "lang": "eng",
} "value": "Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a \"Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698551",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698551"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15000", "ID": "CVE-2017-15000",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-15127", "ID": "CVE-2017-15127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux kernel before 4.13", "product_name": "Linux kernel before 4.13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Linux kernel before 4.13" "version_value": "Linux kernel before 4.13"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-460"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", "description_data": [
"refsource" : "MISC", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995" "lang": "eng",
}, "value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)."
{ }
"name" : "https://access.redhat.com/security/cve/CVE-2017-15127", ]
"refsource" : "MISC", },
"url" : "https://access.redhat.com/security/cve/CVE-2017-15127" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218" "lang": "eng",
}, "value": "CWE-460"
{ }
"name" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", ]
"refsource" : "MISC", }
"url" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995" ]
}, },
{ "references": {
"name" : "RHSA-2018:0676", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0676" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995",
}, "refsource": "MISC",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995"
"name" : "RHSA-2018:1062", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1062" "name": "RHSA-2018:1062",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1062"
"name" : "102517", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102517" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218",
} "refsource": "MISC",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
} },
} {
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15127",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
{
"name": "102517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102517"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-02-05T00:00:00", "DATE_PUBLIC": "2018-02-05T00:00:00",
"ID" : "CVE-2017-15861", "ID": "CVE-2017-15861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-02-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-02-01" "lang": "eng",
} "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-02-01"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@synology.com", "ASSIGNER": "security@synology.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-15895", "ID": "CVE-2017-15895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Synology Router Manager (SRM)", "product_name": "Synology Router Manager (SRM)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 1.1.5-6542-4" "version_value": "before 1.1.5-6542-4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Synology" "vendor_name": "Synology"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM" "lang": "eng",
} "value": "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_71_SRM"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9241", "ID": "CVE-2017-9241",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9606", "ID": "CVE-2017-9606",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Houl777/CVE-2017-9606", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Houl777/CVE-2017-9606" "lang": "eng",
} "value": "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Houl777/CVE-2017-9606",
"refsource": "MISC",
"url": "https://github.com/Houl777/CVE-2017-9606"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9673", "ID": "CVE-2017-9673",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" "lang": "eng",
} "value": "In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142944/SimpleCE-2.3.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9989", "ID": "CVE-2017-9989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171118 [SECURITY] [DLA 1176-1] ming security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html" "lang": "eng",
}, "value": "util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack."
{ }
"name" : "https://github.com/libming/libming/issues/86", ]
"refsource" : "MISC", },
"url" : "https://github.com/libming/libming/issues/86" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171118 [SECURITY] [DLA 1176-1] ming security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00022.html"
},
{
"name": "https://github.com/libming/libming/issues/86",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/86"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0184", "ID": "CVE-2018-0184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XE", "product_name": "Cisco IOS XE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XE" "version_value": "Cisco IOS XE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2" "lang": "eng",
}, "value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432."
{ }
"name" : "103550", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103550" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2"
},
{
"name": "103550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103550"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0347", "ID": "CVE-2018-0347",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco SD-WAN Solution unknown", "product_name": "Cisco SD-WAN Solution unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco SD-WAN Solution unknown" "version_value": "Cisco SD-WAN Solution unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci" "lang": "eng",
}, "value": "A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906."
{ }
"name" : "104862", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104862" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104862"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-ci"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-08-15T00:00:00", "DATE_PUBLIC": "2018-08-15T00:00:00",
"ID" : "CVE-2018-0415", "ID": "CVE-2018-0415",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Small Business 100 Series Wireless Access Points", "product_name": "Small Business 100 Series Wireless Access Points",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "unspecified" "version_value": "unspecified"
} }
] ]
} }
}, },
{ {
"product_name" : "Small Business 300 Series Wireless Access Points", "product_name": "Small Business 300 Series Wireless Access Points",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "unspecified" "version_value": "unspecified"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco Systems, Inc." "vendor_name": "Cisco Systems, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-388"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos" "lang": "eng",
}, "value": "A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472."
{ }
"name" : "105116", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105116" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-388"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180815 Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dos"
},
{
"name": "105116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105116"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0522", "ID": "CVE-2018-0522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WXR-1900DHP2", "product_name": "WXR-1900DHP2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware Ver.2.48 and earlier" "version_value": "firmware Ver.2.48 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "BUFFALO INC." "vendor_name": "BUFFALO INC."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://buffalo.jp/support_s/s20180223.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://buffalo.jp/support_s/s20180223.html" "lang": "eng",
}, "value": "Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file."
{ }
"name" : "JVN#97144273", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN97144273/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://buffalo.jp/support_s/s20180223.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20180223.html"
},
{
"name": "JVN#97144273",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN97144273/index.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12792", "ID": "CVE-2018-12792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "104701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041250", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041250" "lang": "eng",
} "value": "Use-after-free"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
},
{
"name": "104701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104701"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12885", "ID": "CVE-2018-12885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc", "description_data": [
"refsource" : "MISC", {
"url" : "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc" "lang": "eng",
}, "value": "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards."
{ }
"name" : "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430", ]
"refsource" : "MISC", },
"url" : "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df", "description": [
"refsource" : "MISC", {
"url" : "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430",
"refsource": "MISC",
"url": "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430"
},
{
"name": "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df",
"refsource": "MISC",
"url": "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df"
},
{
"name": "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc",
"refsource": "MISC",
"url": "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12975", "ID": "CVE-2018-12975",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255" "lang": "eng",
} "value": "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages)."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255",
"refsource": "MISC",
"url": "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16198", "ID": "CVE-2018-16198",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A", "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier" "version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Toshiba Lighting & Technology Corporation" "vendor_name": "Toshiba Lighting & Technology Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hidden Functionality"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm" "lang": "eng",
}, "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
{ }
"name" : "JVN#99810718", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN99810718/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16450", "ID": "CVE-2018-16450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CraftedWeb through 2013-09-24 has reflected XSS via the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137" "lang": "eng",
} "value": "CraftedWeb through 2013-09-24 has reflected XSS via the p parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137",
"refsource": "MISC",
"url": "https://gist.github.com/FuryKangaroo/8dc2ba91a5d63d6560d0088d0d265137"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16735", "ID": "CVE-2018-16735",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16820", "ID": "CVE-2018-16820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.51cto.com/13770310/2173957", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.51cto.com/13770310/2173957" "lang": "eng",
}, "value": "admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests."
{ }
"name" : "https://github.com/monstra-cms/monstra/issues/457", ]
"refsource" : "MISC", },
"url" : "https://github.com/monstra-cms/monstra/issues/457" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.51cto.com/13770310/2173957",
"refsource": "MISC",
"url": "http://blog.51cto.com/13770310/2173957"
},
{
"name": "https://github.com/monstra-cms/monstra/issues/457",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/457"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4058", "ID": "CVE-2018-4058",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4118", "ID": "CVE-2018-4118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208693", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208693" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT208694", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208694" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208695", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208695" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208697", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208697" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT208698", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208698" "name": "1040604",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1040604"
"name" : "GLSA-201808-04", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201808-04" "name": "https://support.apple.com/HT208698",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208698"
"name" : "USN-3635-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3635-1/" "name": "GLSA-201808-04",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201808-04"
"name" : "1040604", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040604" "name": "https://support.apple.com/HT208693",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT208693"
} },
} {
"name": "https://support.apple.com/HT208694",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208694"
},
{
"name": "https://support.apple.com/HT208697",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208697"
},
{
"name": "USN-3635-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3635-1/"
},
{
"name": "https://support.apple.com/HT208695",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208695"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4245", "ID": "CVE-2018-4245",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4545", "ID": "CVE-2018-4545",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6716", "ID": "CVE-2019-6716",
"STATE" : "RESERVED" "STATE": "PUBLIC"
}, },
"data_format" : "MITRE", "affects": {
"data_type" : "CVE", "vendor": {
"data_version" : "4.0", "vendor_data": [
"description" : { {
"description_data" : [ "product": {
{ "product_data": [
"lang" : "eng", {
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "product_name": "n/a",
} "version": {
] "version_data": [
} {
} "version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46254",
"url": "https://www.exploit-db.com/exploits/46254/"
},
{
"url": "https://www.logonbox.com/en/",
"refsource": "MISC",
"name": "https://www.logonbox.com/en/"
}
]
}
}
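Review bot: The new `affects` block for CVE-2019-6716 leaves `vendor_name`, `product_name` and `version_value` as `n/a`, although the description names LogonBox Nervepoint Access Manager 2013 through 2017. Inventory or scanner tooling that matches on the structured fields rather than the free text will therefore not associate this record with the product. Populating them from the description would close that gap: `"vendor_name": "LogonBox"`, `"product_name": "Nervepoint Access Manager"`, `"version_value": "2013 through 2017"`. `problemtype` is likewise `n/a` where the description states an unauthenticated Insecure Direct Object Reference; `"value": "CWE-639"` looks like the matching weakness class, subject to the assigner confirming the mapping. The three new `reference_data` entries also use differing key orders (`url`/`refsource`/`name` and `refsource`/`name`/`url`), unlike the `name`/`refsource`/`url` order in the other records of this commit, which parsers ignore but which will show up as noise in later normalisation diffs.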