admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:14:57 +00:00
parent 2f26b93ecf
commit f88569b63c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4198 additions and 4198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0059.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0059", "ID": "CVE-2001-0059",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001218 Solaris patchadd(1) (3) symlink vulnerabilty", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=97720205217707&w=2" "lang": "eng",
}, "value": "patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack."
{ }
"name" : "2127", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2127" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "solaris-patchadd-symlink(5789)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5789" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20001218 Solaris patchadd(1) (3) symlink vulnerabilty",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97720205217707&w=2"
},
{
"name": "2127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2127"
},
{
"name": "solaris-patchadd-symlink(5789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5789"
}
]
}
}

140
2001/0xxx/CVE-2001-0185.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0185", "ID": "CVE-2001-0185",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010123 Make The Netopia R9100 Router To Crash", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/157952" "lang": "eng",
}, "value": "Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash."
{ }
"name" : "2287", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2287" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netopia-telnet-dos(6001)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6001" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "netopia-telnet-dos(6001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6001"
},
{
"name": "20010123 Make The Netopia R9100 Router To Crash",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/157952"
},
{
"name": "2287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2287"
}
]
}
}

150
2001/0xxx/CVE-2001-0383.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0383", "ID": "CVE-2001-0383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010401 Php-nuke exploit...", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html" "lang": "eng",
}, "value": "banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication."
{ }
"name" : "http://phpnuke.org/download.php?dcategory=Fixes", ]
"refsource" : "CONFIRM", },
"url" : "http://phpnuke.org/download.php?dcategory=Fixes" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "php-nuke-url-redirect(6342)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6342" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2544", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/2544" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20010401 Php-nuke exploit...",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html"
},
{
"name": "http://phpnuke.org/download.php?dcategory=Fixes",
"refsource": "CONFIRM",
"url": "http://phpnuke.org/download.php?dcategory=Fixes"
},
{
"name": "2544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2544"
},
{
"name": "php-nuke-url-redirect(6342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6342"
}
]
}
}

160
2001/0xxx/CVE-2001-0571.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0571", "ID": "CVE-2001-0571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010323 Elron IM Products Vulnerability ", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=98538867727489&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL."
{ }
"name" : "20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=98567864203963&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2519", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/2519" ]
}, },
{ "references": {
"name" : "2520", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2520" "name": "2520",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/2520"
} },
} {
"name": "2519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2519"
},
{
"refsource": "BUGTRAQ",
"name": "20010323 Elron IM Products Vulnerability",
"url": "http://marc.info/?l=bugtraq&m=98538867727489&w=2"
},
{
"name": "20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98567864203963&w=2"
},
{
"name": "20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html"
}
]
}
}

150
2001/0xxx/CVE-2001-0677.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0677", "ID": "CVE-2001-0677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the \"Attachment Converted\" MIME header, which sends the file when the email is forwarded to the attacker by the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010418 Eudora file leakage problem (still)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/177369" "lang": "eng",
}, "value": "Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the \"Attachment Converted\" MIME header, which sends the file when the email is forwarded to the attacker by the user."
{ }
"name" : "eudora-plain-text-attachment(6431)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6431" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2616", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2616" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3085", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/3085" ]
} },
] "references": {
} "reference_data": [
} {
"name": "2616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2616"
},
{
"name": "eudora-plain-text-attachment(6431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6431"
},
{
"name": "3085",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3085"
},
{
"name": "20010418 Eudora file leakage problem (still)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/177369"
}
]
}
}

230
2001/0xxx/CVE-2001-0797.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0797", "ID": "CVE-2001-0797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011212 Buffer Overflow in /bin/login", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/alerts/advise105.php" "lang": "eng",
}, "value": "Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin."
{ }
"name" : "20011219 Linux distributions and /bin/login overflow", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/246487" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CA-2001-34", "description": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2001-34.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#569272", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/569272" ]
}, },
{ "references": {
"name" : "CSSA-2001-SCO.40", "reference_data": [
"refsource" : "CALDERA", {
"url" : "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt" "name": "oval:org.mitre.oval:def:2025",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025"
"name" : "00213", },
"refsource" : "SUN", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213" "name": "CA-2001-34",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2001-34.html"
"name" : "IY26221", },
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only" "name": "telnet-tab-bo(7284)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7284"
"name" : "20011201-01-I", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I" "name": "IY26221",
}, "refsource": "AIXAPAR",
{ "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only"
"name" : "20011214 Sun Solaris login bug patches out", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=100844757228307&w=2" "name": "20011214 Sun Solaris login bug patches out",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=100844757228307&w=2"
"name" : "3681", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3681" "name": "CSSA-2001-SCO.40",
}, "refsource": "CALDERA",
{ "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt"
"name" : "oval:org.mitre.oval:def:2025", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025" "name": "20011219 Linux distributions and /bin/login overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/246487"
"name" : "telnet-tab-bo(7284)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7284" "name": "20011201-01-I",
} "refsource": "SGI",
] "url": "ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I"
} },
} {
"name": "3681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3681"
},
{
"name": "20011212 Buffer Overflow in /bin/login",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise105.php"
},
{
"name": "VU#569272",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/569272"
},
{
"name": "00213",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213"
}
]
}
}

190
2008/0xxx/CVE-2008-0405.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0405", "ID": "CVE-2008-0405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486873/100/0/threaded" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
{ }
"name" : "http://www.rejetto.com/hfs/?f=wn", ]
"refsource" : "MISC", },
"url" : "http://www.rejetto.com/hfs/?f=wn" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.syhunt.com/advisories/hfs-1-log.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.syhunt.com/advisories/hfs-1-log.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.syhunt.com/advisories/hfshack.txt", ]
"refsource" : "MISC", }
"url" : "http://www.syhunt.com/advisories/hfshack.txt" ]
}, },
{ "references": {
"name" : "27423", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27423" "name": "http://www.rejetto.com/hfs/?f=wn",
}, "refsource": "MISC",
{ "url": "http://www.rejetto.com/hfs/?f=wn"
"name" : "28631", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28631" "name": "27423",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27423"
"name" : "3581", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3581" "name": "3581",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3581"
"name" : "hfs-unspecified-command-execution(39873)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873" "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
} },
} {
"name": "http://www.syhunt.com/advisories/hfshack.txt",
"refsource": "MISC",
"url": "http://www.syhunt.com/advisories/hfshack.txt"
},
{
"name": "http://www.syhunt.com/advisories/hfs-1-log.txt",
"refsource": "MISC",
"url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
},
{
"name": "28631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28631"
},
{
"name": "hfs-unspecified-command-execution(39873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
}
]
}
}

200
2008/0xxx/CVE-2008-0992.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0992", "ID": "CVE-2008-0992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=307562", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=307562" "lang": "eng",
}, "value": "Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value."
{ }
"name" : "APPLE-SA-2008-03-18", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA08-079A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28365", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28365" ]
}, },
{ "references": {
"name" : "28304", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28304" "name": "1019673",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019673"
"name" : "ADV-2008-0924", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0924/references" "name": "28304",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28304"
"name" : "1019673", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019673" "name": "28365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28365"
"name" : "29420", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29420" "name": "TA08-079A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
"name" : "macos-pax-code-execution(41288)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41288" "name": "ADV-2008-0924",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/0924/references"
} },
} {
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "macos-pax-code-execution(41288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41288"
}
]
}
}

130
2008/1xxx/CVE-2008-1228.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1228", "ID": "CVE-2008-1228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080304 Minigal 2 critical XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=120467196623452&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action."
{ }
"name" : "28098", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28098" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28098"
},
{
"name": "20080304 Minigal 2 critical XSS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=120467196623452&w=2"
}
]
}
}

140
2008/1xxx/CVE-2008-1355.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1355", "ID": "CVE-2008-1355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28221.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28221.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "28221", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "jeeblesdirectory-path-xss(41183)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41183" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "jeeblesdirectory-path-xss(41183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41183"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28221.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28221.html"
},
{
"name": "28221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28221"
}
]
}
}

260
2008/1xxx/CVE-2008-1362.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1362", "ID": "CVE-2008-1362",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489739/100/0/threaded" "lang": "eng",
}, "value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
{ }
"name" : "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", ]
"refsource" : "MLIST", },
"url" : "http://lists.vmware.com/pipermail/security-announce/2008/000008.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0005.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" ]
}, },
{ "references": {
"name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" "name": "GLSA-201209-25",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
"name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" "name": "3755",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3755"
"name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
"name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
"name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" "name": "vmware-namedpipes-privilege-escalation(41259)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
"name" : "GLSA-201209-25", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
"name" : "28276", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28276" "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
"name" : "ADV-2008-0905", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0905/references" "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
"name" : "1019621", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019621" "name": "1019621",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019621"
"name" : "3755", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3755" "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
"name" : "vmware-namedpipes-privilege-escalation(41259)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259" "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
} "refsource": "MLIST",
] "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
} },
} {
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}

230
2008/1xxx/CVE-2008-1444.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-1444", "ID": "CVE-2008-1444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493250/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the \"SAMI Format Parsing Vulnerability.\""
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-040/", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-040/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBST02344", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=121380194923597&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT080087", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=121380194923597&w=2" ]
}, },
{ "references": {
"name" : "MS08-033", "reference_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033" "name": "ADV-2008-1780",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1780"
"name" : "TA08-162B", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-162B.html" "name": "3937",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3937"
"name" : "29578", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29578" "name": "1020223",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020223"
"name" : "oval:org.mitre.oval:def:5562", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562" "name": "MS08-033",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-033"
"name" : "ADV-2008-1780", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1780" "name": "29578",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29578"
"name" : "1020223", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020223" "name": "oval:org.mitre.oval:def:5562",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5562"
"name" : "30579", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30579" "name": "TA08-162B",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
"name" : "3937", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3937" "name": "HPSBST02344",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"
} },
} {
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-040/"
},
{
"name": "30579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30579"
},
{
"name": "20080610 ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493250/100/0/threaded"
},
{
"name": "SSRT080087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2"
}
]
}
}

210
2008/1xxx/CVE-2008-1823.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1823", "ID": "CVE-2008-1823",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1233", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1233/references" ]
}, },
{ "references": {
"name" : "ADV-2008-1267", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1267/references" "name": "oracle-cpu-april-2008(41858)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
"name" : "1019855", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019855" "name": "ADV-2008-1267",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1267/references"
"name" : "29874", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29874" "name": "ADV-2008-1233",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1233/references"
"name" : "29829", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29829" "name": "1019855",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019855"
"name" : "oracle-cpu-april-2008(41858)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" "name": "29829",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29829"
"name" : "oracle-jinitiator-unauth-access(42045)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42045" "name": "HPSBMA02133",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"name": "29874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29874"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"name": "oracle-jinitiator-unauth-access(42045)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42045"
}
]
}
}

560
2008/5xxx/CVE-2008-5077.json
View File

@ -1,282 +1,282 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-5077", "ID": "CVE-2008-5077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/502322/100/0/threaded" "lang": "eng",
}, "value": "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys."
{ }
"name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ocert.org/advisories/ocert-2008-016.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.ocert.org/advisories/ocert-2008-016.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html", ]
"refsource" : "CONFIRM", }
"url" : "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm" "name": "SSRT090002",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=123859864430555&w=2"
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653", },
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html" "name": "SUSE-SU-2011:0847",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
"name" : "http://support.apple.com/kb/HT3549", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3549" "name": "http://support.apple.com/kb/HT3549",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3549"
"name" : "http://www.openssl.org/news/secadv_20090107.txt", },
"refsource" : "CONFIRM", {
"url" : "http://www.openssl.org/news/secadv_20090107.txt" "name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
"name" : "APPLE-SA-2009-05-12", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" "name": "250826",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1"
"name" : "GLSA-200902-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200902-02.xml" "name": "http://www.openssl.org/news/secadv_20090107.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.openssl.org/news/secadv_20090107.txt"
"name" : "HPSBUX02418", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123859864430555&w=2" "name": "ADV-2009-0558",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0558"
"name" : "SSRT090002", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123859864430555&w=2" "name": "openSUSE-SU-2011:0845",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
"name" : "HPSBMA02426", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=124277349419254&w=2" "name": "HPSBUX02418",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=123859864430555&w=2"
"name" : "SSRT090053", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=124277349419254&w=2" "name": "1021523",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021523"
"name" : "HPSBOV02540", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127678688104458&w=2" "name": "ADV-2009-0362",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0362"
"name" : "RHSA-2009:0004", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0004.html" "name": "GLSA-200902-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200902-02.xml"
"name" : "SSA:2009-014-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796" "name": "HPSBMA02426",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=124277349419254&w=2"
"name" : "250826", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1" "name": "ADV-2009-0289",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0289"
"name" : "SUSE-SU-2011:0847", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" "name": "35074",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35074"
"name" : "openSUSE-SU-2011:0845", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm"
"name" : "USN-704-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/704-1/" "name": "34211",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34211"
"name" : "TA09-133A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" "name": "ADV-2009-0040",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0040"
"name" : "33150", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33150" "name": "HPSBOV02540",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=127678688104458&w=2"
"name" : "oval:org.mitre.oval:def:6380", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380" "name": "APPLE-SA-2009-05-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
"name" : "oval:org.mitre.oval:def:9155", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155" "name": "SSA:2009-014-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796"
"name" : "1021523", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021523" "name": "ADV-2009-0904",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0904"
"name" : "34211", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34211" "name": "ADV-2009-0913",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0913"
"name" : "35074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35074" "name": "33557",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33557"
"name" : "35108", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35108" "name": "33765",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33765"
"name" : "39005", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39005" "name": "http://www.ocert.org/advisories/ocert-2008-016.html",
}, "refsource": "MISC",
{ "url": "http://www.ocert.org/advisories/ocert-2008-016.html"
"name" : "33338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33338" "name": "33673",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33673"
"name" : "33394", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33394" "name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
"name" : "ADV-2009-0040", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0040" "name": "33436",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33436"
"name" : "ADV-2009-0289", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0289" "name": "35108",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35108"
"name" : "ADV-2009-0362", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0362" "name": "TA09-133A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
"name" : "33765", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33765" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653"
"name" : "33673", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33673" "name": "33150",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33150"
"name" : "33557", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33557" "name": "RHSA-2009:0004",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0004.html"
"name" : "33436", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33436" "name": "ADV-2009-1297",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1297"
"name" : "ADV-2009-0558", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0558" "name": "USN-704-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/704-1/"
"name" : "ADV-2009-0913", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0913" "name": "33338",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33338"
"name" : "ADV-2009-0904", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0904" "name": "ADV-2009-1338",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1338"
"name" : "ADV-2009-1297", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1297" "name": "SSRT090053",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=124277349419254&w=2"
"name" : "ADV-2009-1338", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1338" "name": "33394",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/33394"
} },
} {
"name": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html",
"refsource": "CONFIRM",
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html"
},
{
"name": "oval:org.mitre.oval:def:6380",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380"
},
{
"name": "39005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39005"
},
{
"name": "oval:org.mitre.oval:def:9155",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155"
}
]
}
}

130
2008/5xxx/CVE-2008-5144.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5144", "ID": "CVE-2008-5144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.debian.org/debian-devel/2008/08/msg00285.html" "lang": "eng",
}, "value": "nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file."
{ }
"name" : "32411", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32411" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32411"
},
{
"name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html"
}
]
}
}

170
2008/5xxx/CVE-2008-5263.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-5263", "ID": "CVE-2008-5263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090225 Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501228/100/0/threaded" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file)."
{ }
"name" : "http://secunia.com/secunia_research/2008-63/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2008-63/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33902", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33902" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33469", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33469" ]
}, },
{ "references": {
"name" : "ADV-2009-0528", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0528" "name": "33469",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33469"
"name" : "ksquirrellibs-rgbe-bo(48901)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48901" "name": "ksquirrellibs-rgbe-bo(48901)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48901"
} },
} {
"name": "http://secunia.com/secunia_research/2008-63/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-63/"
},
{
"name": "ADV-2009-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0528"
},
{
"name": "33902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33902"
},
{
"name": "20090225 Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501228/100/0/threaded"
}
]
}
}

150
2008/5xxx/CVE-2008-5429.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5429", "ID": "CVE-2008-5429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081208 DoS attacks on MIME-capable software via complex MIME emails", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499038/100/0/threaded" "lang": "eng",
}, "value": "Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173."
{ }
"name" : "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/499045/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro", "description": [
"refsource" : "MISC", {
"url" : "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4721", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4721" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
"refsource": "MISC",
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
]
}
}

200
2008/5xxx/CVE-2008-5587.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5587", "ID": "CVE-2008-5587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7363", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7363" "lang": "eng",
}, "value": "Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php."
{ }
"name" : "DSA-1693", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2008/dsa-1693" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SR:2009:004", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:0493", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html" ]
}, },
{ "references": {
"name" : "32670", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32670" "name": "openSUSE-SU-2012:0493",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
"name" : "33014", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33014" "name": "phppgadmin-index-file-include(47140)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140"
"name" : "33263", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33263" "name": "7363",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/7363"
"name" : "4737", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4737" "name": "33014",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33014"
"name" : "phppgadmin-index-file-include(47140)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140" "name": "32670",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/32670"
} },
} {
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "4737",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4737"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}

120
2011/2xxx/CVE-2011-2601.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2601", "ID": "CVE-2011-2601",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.contextis.com/resources/blog/webgl/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.contextis.com/resources/blog/webgl/" "lang": "eng",
} "value": "The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.contextis.com/resources/blog/webgl/",
"refsource": "MISC",
"url": "http://www.contextis.com/resources/blog/webgl/"
}
]
}
}

120
2011/2xxx/CVE-2011-2755.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2755", "ID": "CVE-2011-2755",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#543310", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/543310" "lang": "eng",
} "value": "Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#543310",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/543310"
}
]
}
}

140
2013/0xxx/CVE-2013-0011.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-0011", "ID": "CVE-2013-0011",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka \"Windows Print Spooler Components Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-001", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-001" "lang": "eng",
}, "value": "The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka \"Windows Print Spooler Components Vulnerability.\""
{ }
"name" : "TA13-008A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-008A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16357", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16357" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA13-008A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "MS13-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-001"
},
{
"name": "oval:org.mitre.oval:def:16357",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16357"
}
]
}
}

150
2013/0xxx/CVE-2013-0223.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0223", "ID": "CVE-2013-0223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=798541", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=798541" "lang": "eng",
}, "value": "The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=903466", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=903466" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19", "description": [
"refsource" : "CONFIRM", {
"url" : "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1652", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1652.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2013:1652",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1652.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=798541",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=798541"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=903466",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=903466"
},
{
"name": "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19",
"refsource": "CONFIRM",
"url": "https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19"
}
]
}
}

34
2013/0xxx/CVE-2013-0546.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0546", "ID": "CVE-2013-0546",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2013/1xxx/CVE-2013-1003.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-1003", "ID": "CVE-2013-1003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5766", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5766" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1."
{ }
"name" : "http://support.apple.com/kb/HT5785", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5934", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-05-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-06-04-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" "name": "http://support.apple.com/kb/HT5785",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5785"
"name" : "APPLE-SA-2013-09-18-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "name": "oval:org.mitre.oval:def:17252",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17252"
"name" : "oval:org.mitre.oval:def:17252", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17252" "name": "54886",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54886"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT5934",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT5934"
} },
} {
"name": "APPLE-SA-2013-06-04-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT5766",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5766"
},
{
"name": "APPLE-SA-2013-05-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

140
2013/1xxx/CVE-2013-1252.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1252", "ID": "CVE-2013-1252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-016", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016" "lang": "eng",
}, "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016."
{ }
"name" : "TA13-043B", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16480", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16480" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016"
},
{
"name": "TA13-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
},
{
"name": "oval:org.mitre.oval:def:16480",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16480"
}
]
}
}

160
2013/1xxx/CVE-2013-1859.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1859", "ID": "CVE-2013-1859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130313 [Security-news] SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Mar/133" "lang": "eng",
}, "value": "The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors."
{ }
"name" : "[oss-security] 20130314 Re: CVE request for a Drupal contributed module", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/03/15/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1942330", "description": [
"refsource" : "MISC", {
"url" : "http://drupal.org/node/1942330" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html" ]
}, },
{ "references": {
"name" : "91257", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/91257" "name": "91257",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/91257"
} },
} {
"name": "http://drupal.org/node/1942330",
"refsource": "MISC",
"url": "http://drupal.org/node/1942330"
},
{
"name": "http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html"
},
{
"name": "[oss-security] 20130314 Re: CVE request for a Drupal contributed module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/15/2"
},
{
"name": "20130313 [Security-news] SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Mar/133"
}
]
}
}

200
2013/3xxx/CVE-2013-3035.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-3035", "ID": "CVE-2013-3035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc" "lang": "eng",
}, "value": "The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface."
{ }
"name" : "IV37925", ]
"refsource" : "AIXAPAR", },
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV37925" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV42072", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV42072" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IV42095", ]
"refsource" : "AIXAPAR", }
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV42095" ]
}, },
{ "references": {
"name" : "IV42124", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV42124" "name": "IV42124",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42124"
"name" : "IV42229", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV42229" "name": "IV42229",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42229"
"name" : "IV42264", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV42264" "name": "IV42095",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42095"
"name" : "oval:org.mitre.oval:def:19253", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19253" "name": "IV42264",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42264"
"name" : "aix-cve20133035-dos(84657)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84657" "name": "IV37925",
} "refsource": "AIXAPAR",
] "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV37925"
} },
} {
"name": "aix-cve20133035-dos(84657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84657"
},
{
"name": "IV42072",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42072"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc"
},
{
"name": "oval:org.mitre.oval:def:19253",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19253"
}
]
}
}

150
2013/3xxx/CVE-2013-3258.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2013-3258", "ID": "CVE-2013-3258",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wordpress.org/plugins/digg-digg/changelog/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/plugins/digg-digg/changelog/" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors."
{ }
"name" : "60046", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/60046" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53120", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53120" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "diggdigg-cve20133258-csrf(84418)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84418" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://wordpress.org/plugins/digg-digg/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/digg-digg/changelog/"
},
{
"name": "53120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53120"
},
{
"name": "60046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60046"
},
{
"name": "diggdigg-cve20133258-csrf(84418)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84418"
}
]
}
}

130
2013/3xxx/CVE-2013-3348.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-3348", "ID": "CVE-2013-3348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-18.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-18.html" "lang": "eng",
}, "value": "Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "1028758", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1028758" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1028758",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028758"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-18.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-18.html"
}
]
}
}

130
2013/3xxx/CVE-2013-3406.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3406", "ID": "CVE-2013-3406",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Files Available for Download\" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31775", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31775" "lang": "eng",
}, "value": "The \"Files Available for Download\" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687."
{ }
"name" : "20131114 Cisco Services Portal File Download Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3406" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31775",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31775"
},
{
"name": "20131114 Cisco Services Portal File Download Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3406"
}
]
}
}

130
2013/4xxx/CVE-2013-4056.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-4056", "ID": "CVE-2013-4056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652413", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652413" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users."
{ }
"name" : "ibm-infosphere-cve20134056-csrf(86545)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86545" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-infosphere-cve20134056-csrf(86545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86545"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652413",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652413"
}
]
}
}

160
2013/4xxx/CVE-2013-4274.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4274", "ID": "CVE-2013-4274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the \"Administer policies\" permission to inject arbitrary web script or HTML via the \"Password Expiration Warning\" field to the admin/config/people/password_policy/add page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130822 Re: CVE request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/08/22/2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the \"Administer policies\" permission to inject arbitrary web script or HTML via the \"Password Expiration Warning\" field to the admin/config/people/password_policy/add page."
{ }
"name" : "http://www.madirish.net/557", ]
"refsource" : "MISC", },
"url" : "http://www.madirish.net/557" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://drupal.org/node/2065387", "description": [
"refsource" : "MISC", {
"url" : "https://drupal.org/node/2065387" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://drupal.org/node/2065241", ]
"refsource" : "CONFIRM", }
"url" : "https://drupal.org/node/2065241" ]
}, },
{ "references": {
"name" : "61780", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/61780" "name": "[oss-security] 20130822 Re: CVE request for Drupal contributed modules",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2013/08/22/2"
} },
} {
"name": "61780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61780"
},
{
"name": "http://www.madirish.net/557",
"refsource": "MISC",
"url": "http://www.madirish.net/557"
},
{
"name": "https://drupal.org/node/2065387",
"refsource": "MISC",
"url": "https://drupal.org/node/2065387"
},
{
"name": "https://drupal.org/node/2065241",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2065241"
}
]
}
}

34
2013/4xxx/CVE-2013-4642.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4642", "ID": "CVE-2013-4642",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/4xxx/CVE-2013-4667.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4667", "ID": "CVE-2013-4667",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/12xxx/CVE-2017-12320.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12320", "ID": "CVE-2017-12320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Registered Envelope Service", "product_name": "Cisco Registered Envelope Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Registered Envelope Service" "version_value": "Cisco Registered Envelope Service"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res" "lang": "eng",
}, "value": "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999."
{ }
"name" : "101863", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101863" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res"
},
{
"name": "101863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101863"
}
]
}
}

130
2017/12xxx/CVE-2017-12816.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnerability@kaspersky.com", "ASSIGNER": "vulnerability@kaspersky.com",
"ID" : "CVE-2017-12816", "ID": "CVE-2017-12816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622", "product_name": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622" "version_value": "Kaspersky Lab Kaspersky Internet Security for Android 11.12.4.1622"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Kaspersky Lab" "vendor_name": "Kaspersky Lab"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817" "lang": "eng",
}, "value": "In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC."
{ }
"name" : "100505", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100505" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#090817"
},
{
"name": "100505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100505"
}
]
}
}

34
2017/13xxx/CVE-2017-13343.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13343", "ID": "CVE-2017-13343",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13395.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13395", "ID": "CVE-2017-13395",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13519.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13519", "ID": "CVE-2017-13519",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/13xxx/CVE-2017-13808.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-13808", "ID": "CVE-2017-13808",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Remote Management\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208221", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Remote Management\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "1039710", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1039710" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "1039710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039710"
}
]
}
}

122
2017/16xxx/CVE-2017-16064.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16064", "ID": "CVE-2017-16064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "node-openssl node module", "product_name": "node-openssl node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Embedded Malicious Code (CWE-506)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/503", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/503" "lang": "eng",
} "value": "node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/503",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/503"
}
]
}
}

132
2017/16xxx/CVE-2017-16222.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16222", "ID": "CVE-2017-16222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "elding node module", "product_name": "elding node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing \"../\" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/elding", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/elding" "lang": "eng",
}, "value": "elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing \"../\" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js."
{ }
"name" : "https://nodesecurity.io/advisories/415", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/415" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/elding",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/elding"
},
{
"name": "https://nodesecurity.io/advisories/415",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/415"
}
]
}
}

140
2017/16xxx/CVE-2017-16397.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-16397", "ID": "CVE-2017-16397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
{ }
"name" : "102140", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039791", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039791" "lang": "eng",
} "value": "Out-of-bounds Read"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name": "102140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102140"
}
]
}
}

120
2017/17xxx/CVE-2017-17102.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17102", "ID": "CVE-2017-17102",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/FiyoCMS/FiyoCMS/issues/9", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/FiyoCMS/FiyoCMS/issues/9" "lang": "eng",
} "value": "Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FiyoCMS/FiyoCMS/issues/9",
"refsource": "MISC",
"url": "https://github.com/FiyoCMS/FiyoCMS/issues/9"
}
]
}
}

120
2017/17xxx/CVE-2017-17653.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-17653", "ID": "CVE-2017-17653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Quest NetVault Backup", "product_name": "Quest NetVault Backup",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.3.0.12" "version_value": "11.3.0.12"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Quest" "vendor_name": "Quest"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-989", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-989" "lang": "eng",
} "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-989",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-989"
}
]
}
}

34
2017/17xxx/CVE-2017-17666.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17666", "ID": "CVE-2017-17666",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/17xxx/CVE-2017-17843.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17843", "ID": "CVE-2017-17843",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1219-1] enigmail security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html" "lang": "eng",
}, "value": "An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002."
{ }
"name" : "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf", ]
"refsource" : "MISC", },
"url" : "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://lists.debian.org/debian-security-announce/2017/msg00333.html", "description": [
"refsource" : "MISC", {
"url" : "https://lists.debian.org/debian-security-announce/2017/msg00333.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html", ]
"refsource" : "MISC", }
"url" : "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html" ]
}, },
{ "references": {
"name" : "DSA-4070", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4070" "name": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf",
} "refsource": "MISC",
] "url": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf"
} },
} {
"name": "https://lists.debian.org/debian-security-announce/2017/msg00333.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00333.html"
},
{
"name": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html"
},
{
"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1219-1] enigmail security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html"
},
{
"name": "DSA-4070",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4070"
}
]
}
}

130
2017/17xxx/CVE-2017-17942.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17942", "ID": "CVE-2017-17942",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2767", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2767" "lang": "eng",
}, "value": "In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c."
{ }
"name" : "102312", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102312" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2767",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2767"
},
{
"name": "102312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102312"
}
]
}
}

34
2018/18xxx/CVE-2018-18129.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18129", "ID": "CVE-2018-18129",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18669.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18669", "ID": "CVE-2018-18669",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18770.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18770", "ID": "CVE-2018-18770",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/18xxx/CVE-2018-18827.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18827", "ID": "CVE-2018-18827",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1135", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1135" "lang": "eng",
} "value": "There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1135",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1135"
}
]
}
}

120
2018/18xxx/CVE-2018-18925.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18925", "ID": "CVE-2018-18925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a \"..\" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/gogs/gogs/issues/5469", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/gogs/gogs/issues/5469" "lang": "eng",
} "value": "Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a \"..\" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gogs/gogs/issues/5469",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/issues/5469"
}
]
}
}

34
2018/1xxx/CVE-2018-1538.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1538", "ID": "CVE-2018-1538",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

178
2018/1xxx/CVE-2018-1550.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-24T00:00:00", "DATE_PUBLIC": "2018-09-24T00:00:00",
"ID" : "CVE-2018-1550", "ID": "CVE-2018-1550",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Spectrum Protect", "product_name": "Spectrum Protect",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.1" "version_value": "7.1"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "H",
"AC" : "L",
"AV" : "L",
"C" : "N",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "6.200",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10719401", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10719401" "lang": "eng",
}, "value": "IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696."
{ }
"name" : "ibm-tivoli-cve20181550-dos(142696)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696" "impact": {
} "cvssv3": {
] "BM": {
} "A": "H",
} "AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "6.200",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tivoli-cve20181550-dos(142696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142696"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10719401",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10719401"
}
]
}
}

194
2018/1xxx/CVE-2018-1657.json
View File

@ -1,99 +1,99 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-02T00:00:00", "DATE_PUBLIC": "2019-01-02T00:00:00",
"ID" : "CVE-2018-1657", "ID": "CVE-2018-1657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Publishing Engine", "product_name": "Rational Publishing Engine",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1.2" "version_value": "2.1.2"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
}, },
{ {
"version_value" : "6.0.6" "version_value": "6.0.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10792081", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10792081" "lang": "eng",
}, "value": "IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883."
{ }
"name" : "106460", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106460" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-publishing-cve20181657-xss(144883)", "A": "N",
"refsource" : "XF", "AC": "L",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144883" "AV": "N",
} "C": "L",
] "I": "L",
} "PR": "L",
} "S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-publishing-cve20181657-xss(144883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144883"
},
{
"name": "106460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106460"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10792081",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10792081"
}
]
}
}

34
2018/1xxx/CVE-2018-1981.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1981", "ID": "CVE-2018-1981",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

472
2018/5xxx/CVE-2018-5390.json
View File

@ -1,238 +1,238 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2018-5390", "ID": "CVE-2018-5390",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service" "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux Kernel", "product_name": "Linux Kernel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : ">=", "affected": ">=",
"version_name" : "4.9", "version_name": "4.9",
"version_value" : "4.9" "version_value": "4.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux" "vendor_name": "Linux"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" "lang": "eng",
}, "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
{ }
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e", ]
"refsource" : "CONFIRM", },
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.synology.com/support/security/Synology_SA_18_41", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/support/security/Synology_SA_18_41" "lang": "eng",
}, "value": "CWE-400"
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180815-0003/", ]
"refsource" : "CONFIRM", }
"url" : "https://security.netapp.com/advisory/ntap-20180815-0003/" ]
}, },
{ "references": {
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt" "name": "RHSA-2018:2785",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2785"
"name" : "https://support.f5.com/csp/article/K95343321", },
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K95343321" "name": "https://security.netapp.com/advisory/ntap-20180815-0003/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
"name" : "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack", },
"refsource" : "CONFIRM", {
"url" : "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack" "name": "VU#962459",
}, "refsource": "CERT-VN",
{ "url": "https://www.kb.cert.org/vuls/id/962459"
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", },
"refsource" : "CONFIRM", {
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", },
"refsource" : "CONFIRM", {
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "name": "USN-3741-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3741-2/"
"name" : "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018", },
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp" "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name" : "DSA-4266", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4266" "name": "RHSA-2018:2776",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2776"
"name" : "RHSA-2018:2384", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2384" "name": "https://www.synology.com/support/security/Synology_SA_18_41",
}, "refsource": "CONFIRM",
{ "url": "https://www.synology.com/support/security/Synology_SA_18_41"
"name" : "RHSA-2018:2395", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2395" "name": "RHSA-2018:2933",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2933"
"name" : "RHSA-2018:2402", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2402" "name": "RHSA-2018:2403",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2403"
"name" : "RHSA-2018:2403", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2403" "name": "RHSA-2018:2395",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2395"
"name" : "RHSA-2018:2645", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2645" "name": "USN-3763-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3763-1/"
"name" : "RHSA-2018:2776", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2776" "name": "RHSA-2018:2384",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2384"
"name" : "RHSA-2018:2785", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2785" "name": "https://support.f5.com/csp/article/K95343321",
}, "refsource": "CONFIRM",
{ "url": "https://support.f5.com/csp/article/K95343321"
"name" : "RHSA-2018:2789", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2789" "name": "USN-3741-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3741-1/"
"name" : "RHSA-2018:2790", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2790" "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
}, "refsource": "CONFIRM",
{ "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name" : "RHSA-2018:2791", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2791" "name": "RHSA-2018:2402",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2402"
"name" : "RHSA-2018:2924", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2924" "name": "RHSA-2018:2948",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2948"
"name" : "RHSA-2018:2933", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2933" "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack",
}, "refsource": "CONFIRM",
{ "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
"name" : "RHSA-2018:2948", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2948" "name": "USN-3742-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3742-2/"
"name" : "USN-3732-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3732-1/" "name": "1041434",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041434"
"name" : "USN-3732-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3732-2/" "name": "USN-3732-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3732-2/"
"name" : "USN-3741-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3741-1/" "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e",
}, "refsource": "CONFIRM",
{ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
"name" : "USN-3742-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3742-1/" "name": "104976",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/104976"
"name" : "USN-3742-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3742-2/" "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
"name" : "USN-3741-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3741-2/" "name": "1041424",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041424"
"name" : "USN-3763-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3763-1/" "name": "USN-3742-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3742-1/"
"name" : "VU#962459", },
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/962459" "name": "RHSA-2018:2924",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2924"
"name" : "104976", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104976" "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
}, "refsource": "CISCO",
{ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
"name" : "1041424", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041424" "name": "RHSA-2018:2789",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2789"
"name" : "1041434", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041434" "name": "DSA-4266",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4266"
}, },
"source" : { {
"discovery" : "UNKNOWN" "name": "RHSA-2018:2645",
} "refsource": "REDHAT",
} "url": "https://access.redhat.com/errata/RHSA-2018:2645"
},
{
"name": "USN-3732-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3732-1/"
},
{
"name": "RHSA-2018:2791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2791"
},
{
"name": "RHSA-2018:2790",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2790"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

130
2018/5xxx/CVE-2018-5673.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5673", "ID": "CVE-2018-5673",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md" "lang": "eng",
}, "value": "An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php."
{ }
"name" : "https://wpvulndb.com/vulnerabilities/9012", ]
"refsource" : "MISC", },
"url" : "https://wpvulndb.com/vulnerabilities/9012" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9012",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9012"
},
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md"
}
]
}
}