admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:33:59 +00:00
parent 474a4e1ce2
commit f91ca31015
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3518 additions and 3518 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0080.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml"
},
{
"name" : "2117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2117"
},
{
"name" : "cisco-catalyst-ssh-mismatch(5760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-catalyst-ssh-mismatch(5760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5760"
},
{
"name": "2117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2117"
},
{
"name": "20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml"
}
]
}
}

120
2001/0xxx/CVE-2001-0161.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf",
"refsource": "MISC",
"url": "http://www.cs.jhu.edu/~seny/pubs/wince802.pdf"
}
]
}
}

200
2001/0xxx/CVE-2001-0416.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-038",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2001/dsa-038"
},
{
"name" : "RHSA-2001:027",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-027.html"
},
{
"name" : "20010316 Immunix OS Security update for sgml-tools",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=98477491130367&w=2"
},
{
"name" : "MDKSA-2001:030",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3"
},
{
"name" : "CLA-2001:390",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390"
},
{
"name" : "sgmltools-symlink(6201)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6201"
},
{
"name" : "SuSE-SA:2001:16",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html"
},
{
"name" : "2683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2683"
},
{
"name" : "2506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2001:027",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-027.html"
},
{
"name": "2506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2506"
},
{
"name": "MDKSA-2001:030",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3"
},
{
"name": "DSA-038",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-038"
},
{
"name": "2683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2683"
},
{
"name": "SuSE-SA:2001:16",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html"
},
{
"name": "sgmltools-symlink(6201)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6201"
},
{
"name": "20010316 Immunix OS Security update for sgml-tools",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98477491130367&w=2"
},
{
"name": "CLA-2001:390",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390"
}
]
}
}

170
2001/0xxx/CVE-2001-0906.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010622 LPRng + tetex tmpfile race - uid lp exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/192647"
},
{
"name" : "RHSA-2001:102",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-102.html"
},
{
"name" : "MDKSA-2001:086",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3"
},
{
"name" : "IMNX-2001-70-030-01",
"refsource" : "IMMUNIX",
"url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01"
},
{
"name" : "2974",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2974"
},
{
"name" : "tetex-lprng-tmp-race(6785)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010622 LPRng + tetex tmpfile race - uid lp exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/192647"
},
{
"name": "2974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2974"
},
{
"name": "tetex-lprng-tmp-race(6785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6785"
},
{
"name": "IMNX-2001-70-030-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01"
},
{
"name": "RHSA-2001:102",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-102.html"
},
{
"name": "MDKSA-2001:086",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3"
}
]
}
}

320
2008/0xxx/CVE-2008-0171.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080213 rPSA-2008-0063-1 boost",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488102/100/0/threaded"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=205955",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=205955"
},
{
"name" : "http://svn.boost.org/trac/boost/changeset/42674",
"refsource" : "CONFIRM",
"url" : "http://svn.boost.org/trac/boost/changeset/42674"
},
{
"name" : "http://svn.boost.org/trac/boost/changeset/42745",
"refsource" : "CONFIRM",
"url" : "http://svn.boost.org/trac/boost/changeset/42745"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2143",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2143"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0063",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0063"
},
{
"name" : "FEDORA-2008-0880",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"
},
{
"name" : "GLSA-200802-08",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"
},
{
"name" : "MDVSA-2008:032",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"
},
{
"name" : "SUSE-SR:2008:006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"name" : "USN-570-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-570-1"
},
{
"name" : "27325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27325"
},
{
"name" : "48099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48099"
},
{
"name" : "ADV-2008-0249",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0249"
},
{
"name" : "28545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28545"
},
{
"name" : "28705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28705"
},
{
"name" : "28511",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28511"
},
{
"name" : "28527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28527"
},
{
"name" : "28943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28943"
},
{
"name" : "28860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28860"
},
{
"name" : "29323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0063",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063"
},
{
"name": "48099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48099"
},
{
"name": "ADV-2008-0249",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0249"
},
{
"name": "27325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27325"
},
{
"name": "28860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28860"
},
{
"name": "http://svn.boost.org/trac/boost/changeset/42745",
"refsource": "CONFIRM",
"url": "http://svn.boost.org/trac/boost/changeset/42745"
},
{
"name": "28943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28943"
},
{
"name": "http://svn.boost.org/trac/boost/changeset/42674",
"refsource": "CONFIRM",
"url": "http://svn.boost.org/trac/boost/changeset/42674"
},
{
"name": "https://issues.rpath.com/browse/RPL-2143",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2143"
},
{
"name": "FEDORA-2008-0880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"
},
{
"name": "28511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28511"
},
{
"name": "20080213 rPSA-2008-0063-1 boost",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded"
},
{
"name": "28705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28705"
},
{
"name": "28545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28545"
},
{
"name": "SUSE-SR:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
},
{
"name": "GLSA-200802-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"
},
{
"name": "28527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28527"
},
{
"name": "USN-570-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-570-1"
},
{
"name": "29323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29323"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=205955",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=205955"
},
{
"name": "MDVSA-2008:032",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"
}
]
}
}

160
2008/0xxx/CVE-2008-0941.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080221 aeries browser interface(ABI) 3.8.2.8 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488430/100/0/threaded"
},
{
"name" : "27924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27924"
},
{
"name" : "29053",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29053"
},
{
"name" : "3694",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3694"
},
{
"name" : "abi-newevent-xss(40756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "abi-newevent-xss(40756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40756"
},
{
"name": "29053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29053"
},
{
"name": "27924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27924"
},
{
"name": "3694",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3694"
},
{
"name": "20080221 aeries browser interface(ABI) 3.8.2.8 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488430/100/0/threaded"
}
]
}
}

34
2008/1xxx/CVE-2008-1029.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1029",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1029",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

300
2008/1xxx/CVE-2008-1111.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080312 rPSA-2008-0106-1 lighttpd",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489465/100/0/threaded"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106",
"refsource" : "MISC",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2326",
"refsource" : "MISC",
"url" : "https://issues.rpath.com/browse/RPL-2326"
},
{
"name" : "http://trac.lighttpd.net/trac/changeset/2107",
"refsource" : "CONFIRM",
"url" : "http://trac.lighttpd.net/trac/changeset/2107"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=211956",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=211956"
},
{
"name" : "DSA-1513",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1513"
},
{
"name" : "FEDORA-2008-2262",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html"
},
{
"name" : "FEDORA-2008-2278",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html"
},
{
"name" : "GLSA-200803-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-10.xml"
},
{
"name" : "SUSE-SR:2008:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name" : "28100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28100"
},
{
"name" : "ADV-2008-0763",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0763"
},
{
"name" : "29209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29209"
},
{
"name" : "29268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29268"
},
{
"name" : "29275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29275"
},
{
"name" : "29235",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29235"
},
{
"name" : "29318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29318"
},
{
"name" : "29622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29622"
},
{
"name" : "lighttpd-modcgi-information-disclosure(41008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29268"
},
{
"name": "29622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29622"
},
{
"name": "ADV-2008-0763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0763"
},
{
"name": "29318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29318"
},
{
"name": "SUSE-SR:2008:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"name": "29209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29209"
},
{
"name": "DSA-1513",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1513"
},
{
"name": "FEDORA-2008-2262",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html"
},
{
"name": "28100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28100"
},
{
"name": "20080312 rPSA-2008-0106-1 lighttpd",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489465/100/0/threaded"
},
{
"name": "29275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29275"
},
{
"name": "GLSA-200803-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-10.xml"
},
{
"name": "https://issues.rpath.com/browse/RPL-2326",
"refsource": "MISC",
"url": "https://issues.rpath.com/browse/RPL-2326"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=211956",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=211956"
},
{
"name": "FEDORA-2008-2278",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html"
},
{
"name": "http://trac.lighttpd.net/trac/changeset/2107",
"refsource": "CONFIRM",
"url": "http://trac.lighttpd.net/trac/changeset/2107"
},
{
"name": "29235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29235"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106"
},
{
"name": "lighttpd-modcgi-information-disclosure(41008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41008"
}
]
}
}

150
2008/1xxx/CVE-2008-1182.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.pfsense.org/?p=170",
"refsource" : "CONFIRM",
"url" : "http://blog.pfsense.org/?p=170"
},
{
"name" : "28072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28072"
},
{
"name" : "29126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29126"
},
{
"name" : "pfsense-unspecified-xss(40967)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.pfsense.org/?p=170",
"refsource": "CONFIRM",
"url": "http://blog.pfsense.org/?p=170"
},
{
"name": "28072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28072"
},
{
"name": "29126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29126"
},
{
"name": "pfsense-unspecified-xss(40967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40967"
}
]
}
}

190
2008/1xxx/CVE-2008-1358.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5248",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5248"
},
{
"name" : "http://www.be4mind.com/?q=node/256",
"refsource" : "MISC",
"url" : "http://www.be4mind.com/?q=node/256"
},
{
"name" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt",
"refsource" : "CONFIRM",
"url" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt"
},
{
"name" : "28245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28245"
},
{
"name" : "ADV-2008-0877",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0877/references"
},
{
"name" : "1019615",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019615"
},
{
"name" : "29382",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29382"
},
{
"name" : "mdaemon-hashcash-bo(41195)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41195"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019615"
},
{
"name": "http://www.be4mind.com/?q=node/256",
"refsource": "MISC",
"url": "http://www.be4mind.com/?q=node/256"
},
{
"name": "mdaemon-hashcash-bo(41195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41195"
},
{
"name": "ADV-2008-0877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0877/references"
},
{
"name": "5248",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5248"
},
{
"name": "28245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28245"
},
{
"name": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt",
"refsource": "CONFIRM",
"url": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt"
},
{
"name": "29382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29382"
}
]
}
}

360
2008/1xxx/CVE-2008-1833.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877",
"refsource" : "CONFIRM",
"url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name" : "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource" : "CONFIRM",
"url" : "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"name" : "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource" : "CONFIRM",
"url" : "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name" : "APPLE-SA-2008-09-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name" : "DSA-1549",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1549"
},
{
"name" : "FEDORA-2008-3358",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name" : "FEDORA-2008-3420",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name" : "GLSA-200805-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name" : "MDVSA-2008:088",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name" : "SUSE-SA:2008:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name" : "TA08-260A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name" : "28798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28798"
},
{
"name" : "28784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28784"
},
{
"name" : "ADV-2008-1227",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name" : "ADV-2008-2584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name" : "1019850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019850"
},
{
"name" : "29863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29863"
},
{
"name" : "29891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29891"
},
{
"name" : "29975",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29975"
},
{
"name" : "30328",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30328"
},
{
"name" : "31576",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31576"
},
{
"name" : "31882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31882"
},
{
"name" : "clamav-wwpack-pe-bo(41833)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}

150
2008/5xxx/CVE-2008-5185.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using \"<\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081120 CVE id request: another geshi issue (was: [oss-security] GeSHi: Clarification about the recent security (non-)issues (SA32559))",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/11/20/4"
},
{
"name" : "http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/geshi.php?r1=1321&r2=1322&view=patch",
"refsource" : "CONFIRM",
"url" : "http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/geshi.php?r1=1321&r2=1322&view=patch"
},
{
"name" : "32377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32377"
},
{
"name" : "geshi-xml-dos(46769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using \"<\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32377"
},
{
"name": "geshi-xml-dos(46769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46769"
},
{
"name": "http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/geshi.php?r1=1321&r2=1322&view=patch",
"refsource": "CONFIRM",
"url": "http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/geshi.php?r1=1321&r2=1322&view=patch"
},
{
"name": "[oss-security] 20081120 CVE id request: another geshi issue (was: [oss-security] GeSHi: Clarification about the recent security (non-)issues (SA32559))",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/20/4"
}
]
}
}

170
2008/5xxx/CVE-2008-5769.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kerio.com/kms_history.html",
"refsource" : "CONFIRM",
"url" : "http://www.kerio.com/kms_history.html"
},
{
"name" : "http://www.kerio.com/security_advisory.html",
"refsource" : "CONFIRM",
"url" : "http://www.kerio.com/security_advisory.html"
},
{
"name" : "32863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32863"
},
{
"name" : "32955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32955"
},
{
"name" : "ADV-2008-3442",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3442"
},
{
"name" : "mailerserver-mailcompose-calendaredit-xss(47397)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32863"
},
{
"name": "32955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32955"
},
{
"name": "mailerserver-mailcompose-calendaredit-xss(47397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47397"
},
{
"name": "http://www.kerio.com/security_advisory.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "http://www.kerio.com/kms_history.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/kms_history.html"
},
{
"name": "ADV-2008-3442",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3442"
}
]
}
}

150
2008/5xxx/CVE-2008-5892.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7485",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7485"
},
{
"name" : "32857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32857"
},
{
"name" : "33155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33155"
},
{
"name" : "4903",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4903"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4903",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4903"
},
{
"name": "33155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33155"
},
{
"name": "7485",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7485"
},
{
"name": "32857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32857"
}
]
}
}

130
2011/2xxx/CVE-2011-2294.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

34
2011/2xxx/CVE-2011-2466.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2466",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2466",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2013/1xxx/CVE-2013-1337.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka \"Authentication Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-040",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040"
},
{
"name" : "TA13-134A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name" : "oval:org.mitre.oval:def:16741",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka \"Authentication Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name": "MS13-040",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-040"
},
{
"name": "oval:org.mitre.oval:def:16741",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16741"
}
]
}
}

130
2013/3xxx/CVE-2013-3089.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
"refsource" : "MISC",
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php",
"refsource" : "MISC",
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
}
]
}
}

130
2013/3xxx/CVE-2013-3263.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "62621",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62621"
},
{
"name" : "53170",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53170"
},
{
"name": "62621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62621"
}
]
}
}

130
2013/3xxx/CVE-2013-3354.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3355."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2013-3354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-22.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-22.html"
},
{
"name" : "oval:org.mitre.oval:def:18948",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3355."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:18948",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18948"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-22.html"
}
]
}
}

130
2013/3xxx/CVE-2013-3365.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.html",
"refsource" : "MISC",
"url" : "http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.html"
},
{
"name" : "http://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdf",
"refsource" : "MISC",
"url" : "http://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdf",
"refsource": "MISC",
"url": "http://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdf"
},
{
"name": "http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.html"
}
]
}
}

160
2013/4xxx/CVE-2013-4377.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by \"hot-unplugging\" a virtio device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"
},
{
"name" : "[oss-security] 20130926 Re: CVE request: qemu host crash from within guest",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/09/26/5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1012633",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"
},
{
"name" : "USN-2092-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name" : "55015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by \"hot-unplugging\" a virtio device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"
},
{
"name": "55015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55015"
},
{
"name": "USN-2092-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name": "[oss-security] 20130926 Re: CVE request: qemu host crash from within guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"
}
]
}
}

140
2013/4xxx/CVE-2013-4439.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name" : "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource" : "CONFIRM",
"url" : "http://docs.saltstack.com/topics/releases/0.17.1.html"
},
{
"name" : "https://github.com/saltstack/salt/pull/7356",
"refsource" : "CONFIRM",
"url" : "https://github.com/saltstack/salt/pull/7356"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131018 Re: CVE request for saltstack minion identity usurpation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/18/3"
},
{
"name": "https://github.com/saltstack/salt/pull/7356",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/pull/7356"
},
{
"name": "http://docs.saltstack.com/topics/releases/0.17.1.html",
"refsource": "CONFIRM",
"url": "http://docs.saltstack.com/topics/releases/0.17.1.html"
}
]
}
}

240
2013/4xxx/CVE-2013-4549.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
"refsource" : "MLIST",
"url" : "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
},
{
"name" : "https://codereview.qt-project.org/#change,71010",
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#change,71010"
},
{
"name" : "https://codereview.qt-project.org/#change,71368",
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#change,71368"
},
{
"name" : "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
},
{
"name" : "FEDORA-2014-5695",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
},
{
"name" : "openSUSE-SU-2014:0067",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
},
{
"name" : "openSUSE-SU-2014:0070",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
},
{
"name" : "openSUSE-SU-2014:0125",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
},
{
"name" : "openSUSE-SU-2014:0173",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
},
{
"name" : "openSUSE-SU-2014:0176",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
},
{
"name" : "USN-2057-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2057-1"
},
{
"name" : "56008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56008"
},
{
"name" : "56166",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service",
"refsource": "MLIST",
"url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"
},
{
"name": "56166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56166"
},
{
"name": "openSUSE-SU-2014:0173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"
},
{
"name": "56008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56008"
},
{
"name": "openSUSE-SU-2014:0125",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"
},
{
"name": "https://codereview.qt-project.org/#change,71010",
"refsource": "CONFIRM",
"url": "https://codereview.qt-project.org/#change,71010"
},
{
"name": "openSUSE-SU-2014:0176",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"
},
{
"name": "openSUSE-SU-2014:0067",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"
},
{
"name": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/",
"refsource": "CONFIRM",
"url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"
},
{
"name": "USN-2057-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2057-1"
},
{
"name": "https://codereview.qt-project.org/#change,71368",
"refsource": "CONFIRM",
"url": "https://codereview.qt-project.org/#change,71368"
},
{
"name": "openSUSE-SU-2014:0070",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"
},
{
"name": "FEDORA-2014-5695",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"
}
]
}
}

34
2013/4xxx/CVE-2013-4641.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4641",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4641",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2013/4xxx/CVE-2013-4963.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://puppetlabs.com/security/cve/cve-2013-4963",
"refsource" : "CONFIRM",
"url" : "http://puppetlabs.com/security/cve/cve-2013-4963"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2013-4963",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2013-4963"
}
]
}
}

142
2017/12xxx/CVE-2017-12100.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-11T00:00:00",
"ID" : "CVE-2017-12100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Blender",
"version" : {
"version_data" : [
{
"version_value" : "v2.78c (32-bit)"
}
]
}
}
]
},
"vendor_name" : "Blender"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-11T00:00:00",
"ID": "CVE-2017-12100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blender",
"version": {
"version_data": [
{
"version_value": "v2.78c (32-bit)"
}
]
}
}
]
},
"vendor_name": "Blender"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452"
},
{
"name" : "DSA-4248",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"name": "DSA-4248",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4248"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452"
}
]
}
}

140
2017/12xxx/CVE-2017-12332.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco NX-OS",
"version" : {
"version_data" : [
{
"version_value" : "Cisco NX-OS"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-434"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco NX-OS",
"version": {
"version_data": [
{
"version_value": "Cisco NX-OS"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1"
},
{
"name" : "102160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102160"
},
{
"name" : "1039931",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102160"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1"
},
{
"name": "1039931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039931"
}
]
}
}

130
2017/12xxx/CVE-2017-12581.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.doyensec.com/2017/08/03/electron-framework-security.html",
"refsource" : "MISC",
"url" : "https://blog.doyensec.com/2017/08/03/electron-framework-security.html"
},
{
"name" : "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf",
"refsource" : "MISC",
"url" : "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf",
"refsource": "MISC",
"url": "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf"
},
{
"name": "https://blog.doyensec.com/2017/08/03/electron-framework-security.html",
"refsource": "MISC",
"url": "https://blog.doyensec.com/2017/08/03/electron-framework-security.html"
}
]
}
}

150
2017/12xxx/CVE-2017-12604.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
},
{
"name" : "https://github.com/opencv/opencv/issues/9309",
"refsource" : "MISC",
"url" : "https://github.com/opencv/opencv/issues/9309"
},
{
"name" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md",
"refsource" : "MISC",
"url" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md"
},
{
"name" : "GLSA-201712-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201712-02"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
},
{
"name": "GLSA-201712-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-02"
},
{
"name": "https://github.com/xiaoqx/pocs/blob/master/opencv.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/opencv.md"
},
{
"name": "https://github.com/opencv/opencv/issues/9309",
"refsource": "MISC",
"url": "https://github.com/opencv/opencv/issues/9309"
}
]
}
}

190
2017/12xxx/CVE-2017-12836.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by \"-oProxyCommand=id;localhost:/bar.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bug-cvs] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html"
},
{
"name" : "[oss-security] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/08/11/1"
},
{
"name" : "[oss-security] 20170811 Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/08/11/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1480800",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1480800"
},
{
"name" : "DSA-3940",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3940"
},
{
"name" : "GLSA-201709-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-17"
},
{
"name" : "USN-3399-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3399-1"
},
{
"name" : "100279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by \"-oProxyCommand=id;localhost:/bar.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100279"
},
{
"name": "[oss-security] 20170811 Re: CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/4"
},
{
"name": "DSA-3940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3940"
},
{
"name": "[oss-security] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/11/1"
},
{
"name": "[bug-cvs] 20170810 CVS and ssh command injection (see CVE-2017-1000117, etc.)",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1480800",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480800"
},
{
"name": "GLSA-201709-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-17"
},
{
"name": "USN-3399-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3399-1"
}
]
}
}

132
2017/13xxx/CVE-2017-13171.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-13171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-13171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "102108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102108"
}
]
}
}

34
2017/13xxx/CVE-2017-13553.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13553",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13553",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/13xxx/CVE-2017-13996.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-13996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LOYTEC LVIS-3ME",
"version" : {
"version_data" : [
{
"version_value" : "LOYTEC LVIS-3ME"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-23"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-13996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LOYTEC LVIS-3ME",
"version": {
"version_data": [
{
"version_value": "LOYTEC LVIS-3ME"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01"
},
{
"name" : "100847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01"
},
{
"name": "100847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100847"
}
]
}
}

34
2017/16xxx/CVE-2017-16310.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16310",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16310",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/16xxx/CVE-2017-16954.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16954",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16954",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/16xxx/CVE-2017-16993.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16993",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16993",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2017/16xxx/CVE-2017-16995.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2017-16995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux kernel through 4.14.8",
"version" : {
"version_data" : [
{
"version_value" : "Linux kernel through 4.14.8"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "incorrect sign extension"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-16995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel through 4.14.8",
"version": {
"version_data": [
{
"version_value": "Linux kernel through 4.14.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44298",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44298/"
},
{
"name" : "45010",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45010/"
},
{
"name" : "45058",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45058/"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/12/21/2",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/12/21/2"
},
{
"name" : "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454"
},
{
"name" : "DSA-4073",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4073"
},
{
"name" : "USN-3523-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name" : "USN-3619-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-1/"
},
{
"name" : "USN-3619-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-2/"
},
{
"name" : "USN-3633-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3633-1/"
},
{
"name" : "102288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102288"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect sign extension"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45058",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45058/"
},
{
"name": "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/95a762e2c8c942780948091f8f2a4f32fce1ac6f"
},
{
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1454"
},
{
"name": "USN-3633-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3633-1/"
},
{
"name": "102288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102288"
},
{
"name": "44298",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44298/"
},
{
"name": "45010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45010/"
},
{
"name": "DSA-4073",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4073"
},
{
"name": "USN-3523-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3523-2/"
},
{
"name": "http://openwall.com/lists/oss-security/2017/12/21/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/12/21/2"
},
{
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f"
}
]
}
}

34
2017/17xxx/CVE-2017-17076.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17076",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-17076",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/17xxx/CVE-2017-17205.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17205",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-17205",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

120
2017/17xxx/CVE-2017-17463.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mateeuslinno/viv0n",
"refsource" : "MISC",
"url" : "https://github.com/mateeuslinno/viv0n"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mateeuslinno/viv0n",
"refsource": "MISC",
"url": "https://github.com/mateeuslinno/viv0n"
}
]
}
}

34
2018/18xxx/CVE-2018-18052.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18052",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18052",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/18xxx/CVE-2018-18099.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18099",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18099",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/18xxx/CVE-2018-18267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18267",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18267",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

196
2018/18xxx/CVE-2018-18593.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-12-31T13:16:00.000Z",
"ID" : "CVE-2018-18593",
"STATE" : "PUBLIC",
"TITLE" : "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UCMDB Configuration Management Service",
"version" : {
"version_data" : [
{
"version_value" : "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
}
]
}
}
]
},
"vendor_name" : "Micro Focus"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : " Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : " Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-12-31T13:16:00.000Z",
"ID": "CVE-2018-18593",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UCMDB Configuration Management Service",
"version": {
"version_data": [
{
"version_value": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://softwaresupport.softwaregrp.com/doc/KM03309650",
"refsource" : "MISC",
"url" : "https://softwaresupport.softwaregrp.com/doc/KM03309650"
},
{
"name" : "106374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106374"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
},
"exploit": [
{
"lang": "eng",
"value": " Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106374"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03309650",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/19xxx/CVE-2018-19691.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19691",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19691",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/1xxx/CVE-2018-1227.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2018-1227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised.",
"version" : {
"version_data" : [
{
"version_value" : "Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a \"concourse-dot-ci\" domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Domain Issue"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-1227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised.",
"version": {
"version_data": [
{
"version_value": "Concourse CI: As of 2018-03-13, Pivotal does not believe that any resources or builds of Concourse have been compromised."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-1227",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-1227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Concourse after 2018-03-05 might allow remote attackers to have an unspecified impact, if a customer obtained the Concourse software from a DNS domain that is no longer controlled by Pivotal. The original domain for the Concourse CI (concourse-dot-ci) open source project has been registered by an unknown actor, and is therefore no longer the official website for Concourse CI. The new official domain is concourse-ci.org. At approximately 4 am EDT on March 7, 2018 the Concourse OSS team began receiving reports that the Concourse domain was not responding. The Concourse OSS team discovered, upon investigation with both the original and the new domain registrars, that the originating domain registrar had made the domain available for purchase. This was done despite the domain being renewed by the Concourse OSS team through August 2018. For a customer to be affected, they would have needed to access a download from a \"concourse-dot-ci\" domain web site after March 6, 2018 18:00:00 EST. Accessing that domain is NOT recommended by Pivotal. Anyone who had been using that domain should immediately begin using the concourse-ci.org domain instead. Customers can also safely access Concourse software from the traditionally available locations on the Pivotal Network or GitHub."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Domain Issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-1227",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1227"
}
]
}
}

132
2018/1xxx/CVE-2018-1278.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-05-10T00:00:00",
"ID" : "CVE-2018-1278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pivotal Application Service",
"version" : {
"version_data" : [
{
"version_value" : "1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authorization Error"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-10T00:00:00",
"ID": "CVE-2018-1278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Application Service",
"version": {
"version_data": [
{
"version_value": "1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-1278",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-1278"
},
{
"name" : "104227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-1278",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-1278"
},
{
"name": "104227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104227"
}
]
}
}

34
2018/1xxx/CVE-2018-1615.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1615",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1615",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

172
2018/1xxx/CVE-2018-1970.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-30T00:00:00",
"ID" : "CVE-2018-1970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "7.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-01-30T00:00:00",
"ID": "CVE-2018-1970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Identity Manager",
"version": {
"version_data": [
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
},
{
"name" : "ibm-sim-cve20181970-info-disc(153751)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "7.100",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sim-cve20181970-info-disc(153751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153751"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10796380",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10796380"
}
]
}
}

120
2018/5xxx/CVE-2018-5266.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html",
"refsource" : "MISC",
"url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html",
"refsource": "MISC",
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
}
]
}
}

120
2018/5xxx/CVE-2018-5267.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html",
"refsource" : "MISC",
"url" : "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html",
"refsource": "MISC",
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
}
]
}
}

164
2018/5xxx/CVE-2018-5551.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2018-5551",
"STATE" : "PUBLIC",
"TITLE" : "DocuTrac DTISQLInstaller.exe Hard-Coded Credentials"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DTISQLInstaller.exe",
"version" : {
"version_data" : [
{
"affected" : "<=",
"platform" : "Windows",
"version_value" : "1.6.4.0"
}
]
}
}
]
},
"vendor_name" : "DocuTrac"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hard-Coded Credentials (CWE-798)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2018-5551",
"STATE": "PUBLIC",
"TITLE": "DocuTrac DTISQLInstaller.exe Hard-Coded Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DTISQLInstaller.exe",
"version": {
"version_data": [
{
"affected": "<=",
"platform": "Windows",
"version_value": "1.6.4.0"
}
]
}
}
]
},
"vendor_name": "DocuTrac"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/"
}
]
},
"source" : {
"discovery" : "EXTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard-Coded Credentials (CWE-798)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

132
2018/5xxx/CVE-2018-5832.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-5832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Camera"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2018-5832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
}
]
}
}